Home / Vulnerability Intelligence / CVE-2026-34162

CVE-2026-34162 - Vulnerability Analysis

CriticalCVSS: 10.0

Last Updated: April 1, 2026

FastGPT - Authentication Bypass

Published: March 31, 2026Updated: April 1, 2026PoC AvailableRemote Exploitable

Overview

FastGPT < 4.14.9.5 contains an authentication bypass caused by an exposed HTTP tools testing endpoint (/api/core/app/httpTools/runTool) acting as a full HTTP proxy, letting remote attackers make arbitrary server-side HTTP requests, exploit requires no authentication.

Severity & Score

Severity: Critical

CVSS Score: 10.0

EPSS Score: 9.1%(Probability of exploitation in next 30 days)

Impact

Remote attackers can make arbitrary server-side HTTP requests, potentially accessing internal services or sensitive data.

Mitigation

Upgrade to version 4.14.9.5 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 31, 2026

🔴 CVE-2026-34162 - Critical (10) FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-sup... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34162/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-34162
Severity: Critical
CVSS Score: 10.0
Type: broken_authentication
Status: confirmed
EPSS: 9.1%
Social Posts: 1

CWE

CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

EPSS Score

9.1%Probability of exploitation in the next 30 days