
CVE-2026-34162: CWE-306: Missing Authentication for Critical Function in labring FastGPT

Severity: Critical
Type: Vulnerability
Tags: CVE-2026-34162, CWE-306, CWE-918
Published: Tue Mar 31 2026 (03/31/2026, 13:43:20 UTC)
Source: CVE Database V5
Vendor/Project: labring
Product: FastGPT

Description

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and returns the complete response to the caller. This issue has been patched in version 4.14.9.5.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/31/2026, 14:40:16 UTC

Technical Analysis

CVE-2026-34162 is a critical security vulnerability identified in labring's FastGPT AI Agent building platform, specifically affecting versions prior to 4.14.9.5. The vulnerability stems from the HTTP tools testing endpoint (/api/core/app/httpTools/runTool) being exposed without any authentication mechanism. This endpoint acts as a full HTTP proxy, accepting user inputs such as baseUrl, toolPath, HTTP method, custom headers, and request body, then performing server-side HTTP requests and returning the full response to the requester. Because there is no authentication or access control, any unauthenticated attacker can leverage this endpoint to send arbitrary HTTP requests from the server, effectively using the FastGPT server as an open proxy. This can facilitate a range of malicious activities including unauthorized access to internal network resources, bypassing network restrictions, reconnaissance, and potentially launching further attacks on internal or external systems. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) and CWE-918 (Server-Side Request Forgery - SSRF). The CVSS v3.1 base score is 10.0, reflecting the vulnerability's ease of exploitation (no privileges or user interaction required), the critical impact on confidentiality and integrity (full data exposure and manipulation), and partial impact on availability (potential service disruption). Although no known exploits have been reported in the wild yet, the severity and nature of the flaw make it a high-risk issue. The vendor has addressed the vulnerability in FastGPT version 4.14.9.5 by implementing proper authentication controls on the affected endpoint.

Potential Impact

The impact of CVE-2026-34162 is severe for organizations using vulnerable versions of FastGPT. Attackers can exploit the unauthenticated proxy endpoint to perform arbitrary HTTP requests from the server, potentially accessing sensitive internal systems and data that are otherwise protected by network segmentation or firewalls. This can lead to unauthorized data disclosure, internal network reconnaissance, and lateral movement within an organization's infrastructure. The ability to manipulate request headers and bodies increases the risk of exploiting other internal services or APIs. Additionally, attackers could use the proxy to anonymize their traffic, complicating incident response and attribution. The vulnerability also poses a risk of service disruption if abused to flood internal or external resources. Given FastGPT's role as an AI agent platform, compromise could extend to manipulation or leakage of AI model data, user inputs, or outputs, impacting confidentiality and integrity of AI-driven processes. Overall, the vulnerability threatens confidentiality, integrity, and availability, making it critical for organizations to remediate promptly.

Mitigation Recommendations

To mitigate CVE-2026-34162, organizations should immediately upgrade FastGPT to version 4.14.9.5 or later, where the authentication issue has been fixed. Until the upgrade is applied, organizations should implement network-level access controls to restrict access to the /api/core/app/httpTools/runTool endpoint, limiting it to trusted administrators or internal IP addresses only. Employ web application firewalls (WAFs) with rules to detect and block anomalous proxy-like requests targeting this endpoint. Monitor logs for unusual or unexpected HTTP requests originating from the FastGPT server, especially those containing arbitrary URLs or headers. Conduct internal network segmentation to minimize the impact of potential SSRF exploitation. Additionally, review and harden other API endpoints for proper authentication and authorization to prevent similar issues. Educate development and security teams about the risks of exposing proxy functionality without authentication. Finally, implement comprehensive incident response plans to quickly detect and respond to exploitation attempts.
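The monitoring step above (watching for requests to the unauthenticated endpoint from untrusted sources) can be turned into a small log check. The script below is an added example written for this page, not FastGPT's own code or tooling. It assumes a reverse proxy in front of FastGPT writing nginx "combined" access logs, and uses a hypothetical administrator allowlist (10.0.0.0/8 and 192.168.1.0/24) plus constructed sample log lines; adjust both to your deployment.

```python
import ipaddress
import re
from collections import Counter

# Path of the tool-test endpoint named in the advisory (CVE-2026-34162).
RUNTOOL_PATH = "/api/core/app/httpTools/runTool"

# Hypothetical allowlist: networks from which administrators are expected
# to use the HTTP tool tester. Anything else hitting the endpoint is suspect.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
]

# Constructed sample lines in nginx "combined" format; not real traffic.
SAMPLE_LOG = """\
10.0.3.7 - - [31/Mar/2026:13:50:01 +0000] "POST /api/core/app/httpTools/runTool HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.45 - - [31/Mar/2026:13:50:09 +0000] "POST /api/core/app/httpTools/runTool HTTP/1.1" 200 2048 "-" "python-requests/2.31"
203.0.113.45 - - [31/Mar/2026:13:50:10 +0000] "POST /api/core/app/httpTools/runTool HTTP/1.1" 200 1984 "-" "python-requests/2.31"
198.51.100.9 - - [31/Mar/2026:13:51:00 +0000] "GET /api/core/app/list HTTP/1.1" 401 0 "-" "curl/8.4"
192.168.1.20 - - [31/Mar/2026:13:52:30 +0000] "POST /api/core/app/httpTools/runTool HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line, status and response size of a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+)'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def is_trusted(ip):
    """True if the client address falls inside one of the allowlisted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_untrusted_runtool_hits(log_text):
    """Collect requests to the runTool endpoint that came from outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if path == RUNTOOL_PATH and not is_trusted(rec["ip"]):
            hits.append(rec)
    return hits


def summarize(hits):
    """Per-source request count and total bytes the proxy returned to that source."""
    counts = Counter(h["ip"] for h in hits)
    return {
        ip: {
            "requests": n,
            "bytes_returned": sum(h["bytes"] for h in hits if h["ip"] == ip),
        }
        for ip, n in counts.items()
    }


if __name__ == "__main__":
    for ip, info in summarize(find_untrusted_runtool_hits(SAMPLE_LOG)).items():
        print(f"{ip}: {info['requests']} runTool request(s), {info['bytes_returned']} bytes returned")
```

On the sample above only 203.0.113.45 is reported; the two allowlisted sources are ignored and the unrelated request to /api/core/app/list is not counted. Bytes returned is worth tracking because a successful 200 from this endpoint carries the full upstream response back to the caller, so large volumes from an untrusted source are a stronger signal than request count alone. Note that a patched FastGPT (4.14.9.5 or later) should answer these requests with an authentication error rather than 200, so after upgrading the same check doubles as a verification that the fix is in place.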


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-03-25T20:12:04.197Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69cbd8dae6bfc5ba1d1c310f

Added to database: 3/31/2026, 2:23:22 PM

Last enriched: 3/31/2026, 2:40:16 PM

Last updated: 4/1/2026, 4:02:42 AM
