Critical Vulnerability in FastGPT Allows API Key Exfiltration and Internal Network Access
CVE-2026-34162 in FastGPT allows unauthenticated attackers to exfiltrate API keys and gain complete access to internal services managed by Docker Compose by sending arbitrary HTTP requests, leading to potential compromise of the internal network.
A critical vulnerability, CVE-2026-34162, has been identified in FastGPT, a framework for building AI-powered applications. The vulnerability resides in the HTTP tools testing endpoint, which is accessible without authentication. This allows an unauthenticated attacker to send arbitrary server-side HTTP requests and receive the responses. If the default admin token is not changed, an attacker can access the proxy management API to exfiltrate third-party API keys. Furthermore, the attacker can interact with and potentially exploit all Docker Compose internal services by manipulating HTTP headers. This issue was publicly disclosed on April 1, 2026, by CCB Belgium, who strongly recommends immediate patching. The vulnerability is patched in version 4.14.9.5. Successful exploitation can lead to complete control over the internal network and sensitive data exposure.
Attack Chain
- An unauthenticated attacker identifies a vulnerable FastGPT instance exposed to the network.
- The attacker accesses the FastGPT HTTP tools testing endpoint without authentication.
- The attacker uses the endpoint to send arbitrary HTTP requests to the FastGPT server itself or internal services.
- If the default admin token is unchanged, the attacker uses the HTTP proxy functionality to access the proxy management API.
- The attacker exfiltrates third-party API keys stored within the FastGPT configuration.
- The attacker leverages the exfiltrated API keys to access external services, potentially causing further damage.
- The attacker uses the HTTP proxy functionality, including custom headers, to interact with other Docker Compose internal services.
- The attacker exploits vulnerabilities in these internal services, leading to complete access to the internal network and sensitive data.
Impact
Successful exploitation of CVE-2026-34162 can lead to the complete compromise of the FastGPT server and the internal network it manages. An attacker can exfiltrate sensitive API keys, gain unauthorized access to internal services, and potentially pivot to other systems within the network. The vulnerability poses a high risk to the confidentiality and integrity of data, potentially impacting numerous organizations relying on FastGPT for their AI-powered applications. The CCB Belgium advisory highlights the potential for widespread impact given the nature of the vulnerability and the popularity of FastGPT.
Recommendation
- Immediately patch FastGPT instances to version 4.14.9.5 to remediate CVE-2026-34162 as per the vendor advisory.
- Implement the remediations documented in the vendor advisory to strengthen the security of FastGPT instances.
- Step up monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion, as recommended by the CCB.
- Investigate and report any suspected intrusions using the incident reporting URL found in the advisory (https://ccb.belgium.be/report-incident).
Detection coverage
Detect Access to FastGPT HTTP Testing Endpoint
Medium: Detects unauthorized access to the FastGPT HTTP tools testing endpoint, which is vulnerable to CVE-2026-34162.
Detect HTTP Requests via FastGPT Testing Endpoint
High: Detects HTTP requests being made through the FastGPT testing endpoint, potentially indicating exploitation of CVE-2026-34162.
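One way to approximate the two detections above from reverse-proxy access logs, as an added example (not the platform's rules and not FastGPT code). The endpoint path is a labelled placeholder because the advisory does not state it; the trusted admin network, the combined log format, the sample log lines, and the mapping of 2xx responses to "high" are assumptions.

```python
import ipaddress
import re

# ASSUMPTION: placeholder. The advisory does not give the route of the HTTP
# tools testing endpoint; take the real path from the vendor advisory.
TEST_ENDPOINT_PATH = "/PLACEHOLDER/http-tools-test"
# ASSUMPTION: network from which administrators legitimately test HTTP tools.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# nginx/Apache "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # anything that is not a literal IP is never trusted
    return any(addr in net for net in TRUSTED_NETS)

def find_suspicious(lines):
    """One finding per request to the testing endpoint from an untrusted source."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string and trailing slash before comparing paths.
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path.lower() != TEST_ENDPOINT_PATH.lower() or is_trusted(m["src"]):
            continue
        # ASSUMPTION: a 2xx status means the endpoint ran the request ("high");
        # any other status is recorded as access only ("medium").
        severity = "high" if m["status"].startswith("2") else "medium"
        findings.append({"src": m["src"], "ts": m["ts"],
                         "status": int(m["status"]), "severity": severity})
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
P = TEST_ENDPOINT_PATH
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Apr/2026:10:15:02 +0000] "POST {P} HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    f'10.20.0.15 - - [01/Apr/2026:10:16:40 +0000] "POST {P} HTTP/1.1" 200 230 "-" "Mozilla/5.0"',
    f'198.51.100.23 - - [01/Apr/2026:10:17:11 +0000] "POST {P}/?x=1 HTTP/1.1" 401 0 "-" "-"',
    '203.0.113.7 - - [01/Apr/2026:10:18:00 +0000] "GET /login HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Access logs do not show what the endpoint fetched on the server side, so findings are a triage starting point to correlate with outbound connection logs from the FastGPT container.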
Indicators of compromise
| Type | Value |
|---|---|
| url | https://ccb.belgium.be/report-incident |