Perceptive Security
SOC/SIEM Consultancy

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints (/api/core/app/mcpTools/getTools and…
Published:
30 March 2026 at 22:00:00
Alert date:
31 March 2026 at 17:08:47
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
FastGPT, an AI Agent building platform, contains a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.14.9.5. The MCP tools endpoints accept user-supplied URLs and make server-side HTTP requests without validating whether the URL points to an internal or private network address. Authenticated attackers can exploit this to scan internal networks, access cloud metadata services, and interact with internal services such as MongoDB and Redis. The vulnerability exists because the MCP endpoints do not use the existing isInternalAddress() function that provides SSRF protection in other parts of the application. This issue has been patched in version 4.14.9.5.
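The description above comes down to one missing step: before a server fetches a URL a user handed it, the destination has to be checked against loopback, private, link-local (including the 169.254.169.254 cloud metadata address) and IPv4-mapped ranges. The TypeScript below is an added example written for this page; it is not FastGPT's code, not its isInternalAddress() function and not the patch in the linked commit. Every name in it (parseIPv4, isInternalAddress, checkOutboundUrl, the Verdict type) is the example's own, and it assumes the caller resolves the hostname itself and passes the resulting addresses in, so the check runs offline on constructed input.

```typescript
// Added example (not FastGPT's code and not its isInternalAddress()): an SSRF
// pre-check for a URL that a server is about to fetch on a user's behalf.
// All names here are the example's own.

export interface Verdict {
  allowed: boolean;
  reason: string;
}

/** Parse a strict dotted-quad IPv4 string into a 32-bit number, else null. */
export function parseIPv4(s: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  let value = 0;
  for (let i = 1; i <= 4; i++) {
    const octet = Number(m[i]);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// IPv4 ranges a server should never be asked to fetch from (illustrative list).
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8],       // "this" network
  ["10.0.0.0", 8],      // RFC 1918 private
  ["100.64.0.0", 10],   // carrier-grade NAT
  ["127.0.0.0", 8],     // loopback
  ["169.254.0.0", 16],  // link-local, incl. 169.254.169.254 cloud metadata
  ["172.16.0.0", 12],   // RFC 1918 private
  ["192.168.0.0", 16],  // RFC 1918 private
  ["224.0.0.0", 4],     // multicast
  ["240.0.0.0", 4],     // reserved and broadcast
];

function inCidr(ip: number, network: string, prefix: number): boolean {
  const net = parseIPv4(network) as number;
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return ((ip & mask) >>> 0) === ((net & mask) >>> 0);
}

export function isInternalIPv4(ip: number): boolean {
  return BLOCKED_V4.some(([network, prefix]) => inCidr(ip, network, prefix));
}

/** Loopback, unspecified, unique-local, link-local and IPv4-mapped IPv6. */
export function isInternalIPv6(ip: string): boolean {
  const h = ip.toLowerCase();
  if (h === "::1" || h === "::") return true;
  const mappedDotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(h);
  if (mappedDotted) {
    const v = parseIPv4(mappedDotted[1]);
    return v === null || isInternalIPv4(v); // malformed mapped form: reject
  }
  const mappedHex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(h);
  if (mappedHex) {
    return isInternalIPv4(parseInt(mappedHex[1], 16) * 65536 + parseInt(mappedHex[2], 16));
  }
  if (/^f[cd][0-9a-f]{2}:/.test(h)) return true; // fc00::/7 unique local
  if (/^fe[89ab][0-9a-f]:/.test(h)) return true; // fe80::/10 link-local
  return false;
}

/** True for any host literal that must not be fetched server-side. */
export function isInternalAddress(host: string): boolean {
  const h = host.toLowerCase().replace(/\.$/, "");
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  const v4 = parseIPv4(h);
  if (v4 !== null) return isInternalIPv4(v4);
  if (h.includes(":")) return isInternalIPv6(h);
  // Non-dotted numeric hosts ("2130706433", "0x7f000001", "127.1") are
  // alternate spellings of IPv4 addresses; reject them rather than decode them.
  if (/^(0x[0-9a-f]+|\d+)(\.(0x[0-9a-f]+|\d+))*$/.test(h)) return true;
  return false;
}

function isIpLiteral(host: string): boolean {
  return parseIPv4(host) !== null || host.includes(":");
}

/** Split scheme and host out of a URL without depending on a platform URL class. */
export function splitUrl(url: string): { scheme: string; host: string } | null {
  const m = /^([a-z][a-z0-9+.-]*):\/\/(?:[^@\/?#]*@)?(\[[^\]]*\]|[^:\/?#]*)(?::\d+)?(?:[\/?#]|$)/i.exec(url.trim());
  if (!m) return null;
  let host = m[2].toLowerCase();
  if (host.startsWith("[") && host.endsWith("]")) host = host.slice(1, -1);
  return { scheme: m[1].toLowerCase(), host };
}

/**
 * Decide whether the server may fetch `url`. `resolvedAddresses` are the IPs
 * the caller obtained for the hostname (assumption: the caller resolves DNS
 * once and then connects to exactly one of the addresses it passed here).
 */
export function checkOutboundUrl(url: string, resolvedAddresses: string[]): Verdict {
  const parts = splitUrl(url);
  if (!parts) return { allowed: false, reason: "unparseable URL" };
  if (parts.scheme !== "http" && parts.scheme !== "https") {
    return { allowed: false, reason: `scheme ${parts.scheme} not allowed` };
  }
  if (isInternalAddress(parts.host)) {
    return { allowed: false, reason: `host ${parts.host} is internal` };
  }
  const addresses = isIpLiteral(parts.host) ? [parts.host] : resolvedAddresses;
  if (addresses.length === 0) return { allowed: false, reason: "hostname did not resolve" };
  for (const ip of addresses) {
    if (isInternalAddress(ip)) {
      return { allowed: false, reason: `${parts.host} resolves to internal ${ip}` };
    }
  }
  return { allowed: true, reason: "ok" };
}
```

Two design points matter for a check like this. First, the hostname is checked both as written and after resolution, because a public-looking name that resolves to a private address is the same failure; the remaining gap is DNS rebinding, so the HTTP client must connect to the address that was checked rather than resolve again. Second, the numeric spellings of IPv4 addresses are refused outright instead of being decoded, which is simpler to get right than reproducing every parser's leniency.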
Technical details
Mitigation steps:
Affected products:
FastGPT
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-34163
https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00
https://github.com/labring/FastGPT/pull/6640
https://github.com/labring/FastGPT/releases/tag/v4.14.9.5
https://github.com/labring/FastGPT/security/advisories/GHSA-x9vj-5m4j-9mfv
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
