Labring Fastgpt vulnerabilities
22 known vulnerabilities affecting labring/fastgpt.
Total CVEs: 22
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 6, MEDIUM 11, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2025-52552 [MEDIUM] CWE-79, P4, CVSS 6.1, fixed in 4.9.12, 2025-06-21
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute parameter on the login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allow attackers to execute malicious JavaScript or redirect users to attacker-controlled sites. This issue has been patched in version 4.9
nvd
CVE-2026-44286 [LOW] CWE-918, P4, CVSS 2.3, fixed in 4.14.17, 2026-05-08
FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers (or authenticated users with App editing privileges) to send arbitrary HTTP requests to internal/private network addresses. The fetchData function in the lafModule workflow node uses axios to fetch use
nvd