What is CVE-2026-34162?

CVE-2026-34162 is a critical-severity vulnerability in Labring Fastgpt, classified under Missing Authentication for Critical Function. CVSS score: 10.0/10. Published 2026-03-31.

How severe is CVE-2026-34162?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Auth bypass in Labring Fastgpt

CVE-2026-34162

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a us…

Vulnerability class: Broken Authentication

EPSS: 0.002 (45.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L.

Affected products

Labring Fastgpt — versions < 4.14.9.5

Weakness classification (CWE)

References

https://github.com/labring/FastGPT/security/advisories/GHSA-w36r-f268-pwrj (x_refsource_CONFIRM)
https://github.com/labring/FastGPT/pull/6640 (x_refsource_MISC)
https://github.com/labring/FastGPT/commit/bc7eae2ed61481a5e322208829be291faec58c00 (x_refsource_MISC)
https://github.com/labring/FastGPT/releases/tag/v4.14.9.5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-34162?: CVE-2026-34162 is a critical-severity vulnerability in Labring Fastgpt, classified under Missing Authentication for Critical Function. CVSS score: 10.0/10. Published 2026-03-31.
How severe is CVE-2026-34162?: Critical severity. CVSS v3 base score is 10.0 out of 10.