


Perceptive Security
SOC/SIEM Consultancy

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass t…
Published:
28 May 2026 at 22:00:00
Alert date:
29 May 2026 at 21:09:42
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
The FastGPT AI Agent building platform contains a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.15.0-beta1. The vulnerability allows authenticated attackers to bypass network protection and make arbitrary HTTP GET requests to internal network services. The issue stems from an incomplete fix in the dataset preview endpoint /api/core/dataset/file/getPreviewChunks when the externalFile data import type is used. Attackers can exploit this to access internal network services that should be protected. The vulnerability has been fixed in version 4.15.0-beta1.
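A destination check of the kind a server-side fetch of a user-supplied file URL needs, as an added example; it is not FastGPT's code and not the fix shipped in 4.15.0-beta1. The function name checkExternalFileUrl, the list of blocked ranges and the sample URLs in the comments are assumptions constructed for illustration.

```javascript
const net = require('node:net');

// Address ranges a server-side fetch of a user-supplied URL should never reach
// (assumed policy: loopback, RFC 1918, CGNAT, link-local incl. cloud metadata).
const internal = new net.BlockList();
for (const [addr, prefix] of [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
]) internal.addSubnet(addr, prefix, 'ipv4');
for (const [addr, prefix] of [['::', 127], ['fc00::', 7], ['fe80::', 10]])
  internal.addSubnet(addr, prefix, 'ipv6');

const deny = (reason) => ({ allowed: false, reason });

// rawUrl:   the URL supplied for an external file import (hypothetical input).
// resolved: addresses the hostname resolved to, e.g. from dns.lookup(host, {all: true}).
//           They are passed in so the check and the later connection use the same
//           DNS answer; the caller should connect to `pinned`, not re-resolve.
function checkExternalFileUrl(rawUrl, resolved = []) {
  let url;
  try { url = new URL(rawUrl); } catch { return deny('unparseable URL'); }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return deny('scheme not allowed');
  }
  // The WHATWG parser brackets IPv6 literals and normalises IPv4 literals
  // to dotted-quad form, so the literal can be classified directly.
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const candidates = net.isIP(host) ? [host] : resolved;
  if (candidates.length === 0) return deny('hostname not resolved');
  for (const addr of candidates) {
    const family = net.isIP(addr);
    if (family === 0) return deny(`bad address ${addr}`);
    // Every resolved address must be external, not just the first one.
    if (internal.check(addr, family === 6 ? 'ipv6' : 'ipv4')) {
      return deny(`internal address ${addr}`);
    }
  }
  return { allowed: true, reason: 'ok', pinned: candidates[0] };
}

// Constructed samples:
//   checkExternalFileUrl('http://169.254.169.254/latest/meta-data/')
//   checkExternalFileUrl('https://files.example.com/a.pdf', ['10.1.2.3'])
```

The same check has to be repeated on every redirect hop (fetch with redirects set to manual), since a public URL can redirect to an internal one.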
Technical details
Affected products:
FastGPT
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-44285
https://github.com/labring/FastGPT/security/advisories/GHSA-c65v-7vx6-f8m3
This article was created with the assistance of AI technology by Perceptive.
