CVE-2026-40100 FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default
FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress only blocks private IPs when CHECKINTERNALIP=true, which is not the default. This allows...