Warning: Critical vulnerability in FastGPT. Patch Immediately!

  • Published: 01/04/2026
  • Last update: 01/04/2026
  • Affected software: FastGPT
  • Type: Information Disclosure
  • CVE/CVSS: CVE-2026-34162: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L)

Sources

Risks

This vulnerability is exploitable by any unauthenticated attacker who can reach the FastGPT endpoint. CVE-2026-34162 enables an attacker to exfiltrate all configured API keys and to gain complete access to the internal network of services managed by Docker Compose. In addition, this vulnerability allows sending arbitrary HTTP requests to any destination. The vulnerability has a high impact on integrity and confidentiality but a low impact on availability.

Description

The FastGPT HTTP tools testing endpoint is accessible without authentication. Because it acts as a full HTTP proxy, an unauthenticated attacker can make the server issue any server-side HTTP request and receive the response. If the default admin token has not been changed, this allows the attacker to reach the proxy management API and exfiltrate third-party API keys. The attacker can also interact with, and potentially exploit, all Docker Compose internal services, using the customHeaders parameter to set the HTTP headers of the proxied request. The server can likewise be abused to issue HTTP requests to arbitrary external or internal destinations.

The issue is patched in version 4.14.9.5. The vendor advisory’s remediation section provides several recommendations for strengthening the security of a FastGPT instance.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Mitigate

The Centre for Cybersecurity Belgium strongly recommends implementing the remediations documented in the vendor advisory.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
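As an illustration of the kind of detection logic the Description and Monitor/Detect sections call for, the following Python script is an added example and is not part of the CCB advisory or of the FastGPT project. It scans constructed application-log lines for calls to the HTTP tools testing endpoint and raises an alert when the call carries no session or authorization header (the unauthenticated access described above), when the proxied target points at a loopback, private or link-local address or at a dotless hostname of the kind Docker Compose uses for its services, or when customHeaders are supplied against such an internal target. The endpoint path, the log field names and the sample log lines are all assumptions made for this example; the real path must be taken from the vendor advisory or the deployment's own access logs.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Placeholder: the advisory does not name the endpoint path. Replace with the
# path observed in your deployment's logs.
TOOL_TEST_PATH = "/api/<HTTP-TOOLS-TEST-ENDPOINT>"


def target_is_internal(url):
    """Return a reason string if the proxied target points inside the deployment, else None."""
    host = urlsplit(url).hostname
    if not host:
        return "unparseable target URL"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Docker Compose services are reached by bare service name, so a dotless
        # hostname (or a .internal/.local suffix) is treated as internal (assumption).
        if "." not in host or host.endswith((".internal", ".local")):
            return f"internal hostname {host}"
        return None
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return f"internal address {ip}"
    return None


def analyse(log_lines):
    """Return one alert dict per suspicious call to the tools testing endpoint."""
    alerts = []
    for line in log_lines:
        ev = json.loads(line)
        if ev.get("path") != TOOL_TEST_PATH:
            continue
        reasons = []
        authenticated = bool(ev.get("auth_present"))
        if not authenticated:
            reasons.append("no session/authorization header on proxy endpoint")
        internal = target_is_internal(ev.get("target_url", ""))
        if internal:
            reasons.append(f"proxied target is {internal}")
            if ev.get("custom_headers"):
                reasons.append("customHeaders supplied against internal target")
        if reasons:
            alerts.append({
                "ts": ev.get("ts"),
                "src_ip": ev.get("src_ip"),
                "target_url": ev.get("target_url"),
                # Unauthenticated calls are the advisory's core concern, so rank them highest.
                "severity": "high" if not authenticated else "medium",
                "reasons": reasons,
            })
    return alerts


# Constructed sample log (JSON lines); field names are an assumption for this example.
SAMPLE_LOG = [
    '{"ts":"2026-04-01T10:00:01Z","src_ip":"203.0.113.10","path":"/api/<HTTP-TOOLS-TEST-ENDPOINT>",'
    '"auth_present":true,"target_url":"https://api.example.com/v1/weather","custom_headers":{}}',
    '{"ts":"2026-04-01T10:00:05Z","src_ip":"198.51.100.7","path":"/api/<HTTP-TOOLS-TEST-ENDPOINT>",'
    '"auth_present":false,"target_url":"http://some-internal-service:3000/","custom_headers":{}}',
    '{"ts":"2026-04-01T10:00:09Z","src_ip":"198.51.100.7","path":"/api/<HTTP-TOOLS-TEST-ENDPOINT>",'
    '"auth_present":false,"target_url":"http://10.0.3.7/","custom_headers":{"Authorization":"Bearer x"}}',
    '{"ts":"2026-04-01T10:01:00Z","src_ip":"192.0.2.44","path":"/api/<HTTP-TOOLS-TEST-ENDPOINT>",'
    '"auth_present":true,"target_url":"http://127.0.0.1:3000/","custom_headers":{}}',
    '{"ts":"2026-04-01T10:01:03Z","src_ip":"192.0.2.44","path":"/api/other","auth_present":true,'
    '"target_url":"http://10.0.0.1/","custom_headers":{}}',
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(json.dumps(alert))
```

Run against the constructed sample, the script ignores the authenticated external-target call and the call to an unrelated path, and produces three alerts: two high-severity alerts for the unauthenticated source (one of them also noting customHeaders against a private address) and one medium-severity alert for an authenticated call that proxies to loopback. Tuning the dotless-hostname rule to the actual service names in your Compose file will reduce false positives.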

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.