CVE-2026-34163 | labring FastGPT up to 4.14.7 getTools isInternalAddress server-side request forgery

A vulnerability categorized as critical has been discovered in labring FastGPT up to 4.14.7. The affected element is the function isInternalAddress of the file /api/core/app/mcpTools/getTools. Such manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2026-34163. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More