SSRF in Labring Fastgpt
CVE-2026-61646
FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows redirects by default. An authenticated w…
Vulnerability class: SSRF (Server-Side Request Forgery)
Affected products
- Labring Fastgpt — versions < 4.15.0-beta5
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)