Labring Fastgpt vulnerabilities
22 known vulnerabilities affecting labring/fastgpt.
Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH6MEDIUM11LOW1
Vulnerabilities
Page 1 of 2
CVE-2026-42302P2CRITICALCVSS 9.8v>= 4.14.10, < 4.14.132026-05-08
CVE-2026-42302 [CRITICAL] CWE-306 CVE-2026-42302: FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This config
nvd
CVE-2026-40351P2CRITICALCVSS 9.8fixed in 4.14.9.52026-04-17
CVE-2026-40351 [CRITICAL] CWE-943 CVE-2026-40351: FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login en
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL injection bypasses the password check, enabling logi
nvd
CVE-2026-34162P2CRITICALCVSS 10.0fixed in 4.14.9.52026-03-31
CVE-2026-34162 [CRITICAL] CWE-306 CVE-2026-34162: FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers, and body, then makes a server-side HTTP request and
nvd
CVE-2025-49131P2CRITICALCVSS 9.9fixed in 4.9.112025-06-09
CVE-2025-49131 [CRITICAL] CWE-732 CVE-2025-49131: FastGPT is an open-source project that provides a platform for building, deploying, and operating AI
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.1
nvd
CVE-2026-33075P2HIGHCVSS 8.8≤ 4.14.8.32026-03-20
CVE-2026-33075 [HIGH] CWE-494 CVE-2026-33075: FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.
FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull_request_target (which runs with access to repository secrets) but checks out code from the pull request author's fork, then builds a
nvd
CVE-2026-40352P3HIGHCVSS 8.8fixed in 4.14.9.52026-04-17
CVE-2026-40352 [HIGH] CWE-943 CVE-2026-40352: FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoin
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privileged session to change the password of their account (or ot
nvd
CVE-2026-40252P3HIGHCVSS 8.1fixed in 4.14.10.42026-04-10
CVE-2026-40252 [HIGH] CWE-284 CVE-2026-40252: FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (I
FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (IDOR/BOLA) allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify that the requested application belongs to the authenti
nvd
CVE-2026-44285P3HIGHCVSS 7.7fixed in 4.15.0-beta12026-05-29
CVE-2026-44285 [HIGH] CWE-918 CVE-2026-44285: FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by exploiting an incomplete fix in the dataset preview endpoin
nvd
CVE-2026-34163P3HIGHCVSS 7.7fixed in 4.14.9.52026-03-31
CVE-2026-34163 [HIGH] CWE-918 CVE-2026-34163: FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Pr
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints (/api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool) accept a user-supplied URL parameter and make server-side HTTP requests to it without validating whether the URL points to an internal/private network address.
nvd
CVE-2026-42345P3HIGHCVSS 7.7≤ 4.14.112026-05-08
CVE-2026-42345 [HIGH] CWE-918 CVE-2026-42345: FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith() check against a hardcoded list. This check can be bypassed using at least 7 different URL encoding techniques, all of which resolve to th
nvd
CVE-2026-32128P3MEDIUMCVSS 6.3≤ 4.14.72026-03-11
CVE-2026-32128 [MEDIUM] CWE-184 CVE-2026-32128: FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-s
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using fcntl. After remapping, writing via sys.stdout.write()
nvd
CVE-2026-44287P3MEDIUMCVSS 6.3fixed in 4.15.0-beta12026-05-29
CVE-2026-44287 [MEDIUM] CWE-94 CVE-2026-44287: FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at pr
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.test(code). JavaScript syntax accepts a block comment between import and (; the regex matches only ASCII whitespace, and the bytes /, *, *, / are not in t
nvd
CVE-2026-44284P3MEDIUMCVSS 6.3fixed in 4.14.172026-05-08
CVE-2026-44284 [MEDIUM] CWE-918 CVE-2026-44284: FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF
FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal MCP server URL. That stored URL could later be used by
nvd
CVE-2026-42343P3MEDIUMCVSS 6.3≤ 4.14.132026-05-08
CVE-2026-42343 [MEDIUM] CWE-400 CVE-2026-42343: FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit (a 500ms polling interval) for memory management and lacks strict OS-level constraints such as cgroups or k
nvd
CVE-2026-40100P3MEDIUMCVSS 5.3fixed in 4.14.10.32026-04-10
CVE-2026-40100 [MEDIUM] CWE-918 CVE-2026-40100: FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool end
FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default. This allows unauthenticated attackers to perform SSRF against internal net
nvd
CVE-2026-42344P3MEDIUMCVSS 6.3≤ 4.14.112026-05-08
CVE-2026-42344 [MEDIUM] CWE-367 CVE-2026-42344: FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Time-of-Check to Time-of-Use). The function resolves the hostname via dns.resolve4()/dns.resolve6() and checks resolved IPs against private ranges, but the
nvd
CVE-2025-27600P3MEDIUMCVSS 6.5fixed in 4.9.02025-03-06
CVE-2025-27600 [MEDIUM] CWE-918 CVE-2025-27600: FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not per
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intranet. This issue is fixed in 4.9.0.
nvd
CVE-2026-26003P4MEDIUMCVSS 5.4v>= 4.14.0, < 4.14.5-fix2026-02-10
CVE-2026-26003 [MEDIUM] CWE-601 CVE-2026-26003: FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the p
FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but it will not result in key leakage. For older versions,
nvd
CVE-2025-62612P4MEDIUMCVSS 5.3fixed in 4.11.12025-10-22
CVE-2025-62612 [MEDIUM] CWE-918 CVE-2025-62612: FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1.
nvd
CVE-2026-26075P4MEDIUMCVSS 5.4fixed in 4.14.72026-02-12
CVE-2026-26075 [MEDIUM] CWE-352 CVE-2026-26075: FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes,
FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment, this optimization has added stricter internal networ
nvd
1 / 2Next →