FastGPT versions up to 4.14.11 contain an SSRF vulnerability due to insufficient validation in the isInternalAddress() function. This function tries to block requests to cloud metadata endpoints by matching the start of URLs against a fixed list. However, attackers can bypass this check using at least seven different URL encoding methods that resolve to the same metadata service but evade the blocklist. Furthermore, the internal IP address checks are disabled by default because the CHECK_INTERNAL_IP flag is set to false, allowing these bypassed requests to reach sensitive internal endpoints without additional filtering. No patches or official remediation guidance have been published as of the vulnerability disclosure date.

An attacker with at least limited privileges (PR:L) can exploit this SSRF vulnerability to access cloud metadata endpoints, potentially exposing sensitive information such as credentials or configuration data. The vulnerability impacts confidentiality (C:H) but does not affect integrity or availability. The vulnerability's CVSS vector indicates it can be exploited remotely over the network with low attack complexity and no user interaction required. This could lead to information disclosure within affected FastGPT deployments.

At the time of publication, no official patch or fix is available for this vulnerability. Users should monitor the vendor's advisories for updates and apply patches once released. In the interim, consider implementing network-level controls to restrict outbound requests from FastGPT instances to internal metadata IP ranges or cloud metadata endpoints. Additionally, review and harden configuration settings related to internal IP checks if possible. Avoid exposing FastGPT instances to untrusted users until a fix is available.