CVE-2026-34162
FastGPT · FastGPT
FastGPT exposes an unauthenticated HTTP tools testing endpoint that functions as a full HTTP proxy, enabling Server-Side Request Forgery (SSRF) and internal network scanning.
Executive summary
An unauthenticated attacker can use FastGPT as an open HTTP proxy to access internal network resources or mask malicious traffic, leading to significant exposure of private infrastructure.
Vulnerability
The /api/core/app/httpTools/runTool endpoint lacks authentication and allows arbitrary HTTP requests to be made by the server. This functions as a full-featured HTTP proxy where an unauthenticated attacker can control the method, headers, body, and target URL.
Business impact
The impact is a critical breach of perimeter security. Attackers can use this flaw to perform Server-Side Request Forgery (SSRF) to scan internal networks, access metadata services in cloud environments, or bypass IP-based access controls. The CVSS score of 10 reflects the total loss of control over the application's network communication capabilities.
Remediation
Immediate Action: Update FastGPT to version 4.14.9.5 or later to enforce authentication on the affected testing endpoints.
Proactive Monitoring: Review application logs for high volumes of requests to the /runTool endpoint and monitor for outbound traffic to internal or unusual IP ranges.
Compensating Controls: Implement egress filtering on the server hosting FastGPT to prevent it from initiating connections to sensitive internal network segments or cloud metadata IPs.
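As an added illustration of the monitoring item above (example code written for this page, not from the advisory or the FastGPT project), the following Python flags clients making repeated calls to the runTool endpoint and outbound connections from the FastGPT host to internal or cloud-metadata addresses. The combined-format access log, the "src -> dst:port" egress log, and the threshold of 3 are assumptions; adapt them to your deployment.

```python
import ipaddress
import re
from collections import Counter

# Reverse-proxy access log in "combined" format (constructed sample lines).
ACCESS_LOG = """\
203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "POST /api/core/app/httpTools/runTool HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "POST /api/core/app/httpTools/runTool HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2026:12:00:03 +0000] "POST /api/core/app/httpTools/runTool HTTP/1.1" 200 512 "-" "curl/8.5.0"
198.51.100.2 - - [10/Mar/2026:12:00:04 +0000] "GET /api/core/app/list HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Mar/2026:12:00:05 +0000] "POST /api/core/app/httpTools/runTool HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Outbound connections opened by the FastGPT host (constructed; in practice
# taken from egress firewall or flow logs). Format assumed: "src -> dst:port".
EGRESS_LOG = """\
10.0.1.5 -> 93.184.216.34:443
10.0.1.5 -> 169.254.169.254:80
10.0.1.5 -> 10.0.2.15:6379
10.0.1.5 -> 8.8.8.8:53
"""

RUN_TOOL_PATH = "/api/core/app/httpTools/runTool"
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def run_tool_hits(log_text: str) -> Counter:
    """Count requests to the unauthenticated runTool endpoint per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(3).split("?")[0] == RUN_TOOL_PATH:
            hits[m.group(1)] += 1
    return hits


def noisy_clients(log_text: str, threshold: int = 3) -> list[str]:
    """Clients at or above `threshold` runTool calls: candidates for an SSRF scan."""
    return sorted(ip for ip, n in run_tool_hits(log_text).items() if n >= threshold)


def suspicious_egress(log_text: str) -> list[str]:
    """Destinations the app should never reach on its own: RFC 1918 ranges,
    loopback, and link-local (which covers the 169.254.169.254 metadata service)."""
    flagged = []
    for line in log_text.splitlines():
        dst = line.split("->")[1].strip().rsplit(":", 1)[0]
        ip = ipaddress.ip_address(dst)
        if ip.is_private or ip.is_link_local or ip.is_loopback:
            flagged.append(dst)
    return flagged
```

Running both checks on the sample data reports 203.0.113.7 as a noisy client and the metadata-service and internal Redis destinations as suspicious egress.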
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the CVSS 10 rating, this vulnerability should be treated as an emergency. The ability for an unauthenticated outsider to pivot through the server into your internal network is a catastrophic risk. Apply the 4.14.9.5 patch immediately and restrict network access to the FastGPT server until remediated.