CVE-2026-4505 eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted upload

🗓️ 20 Mar 2026 20:02:14Reported by VulDBType

CVE-2026-4505 enables unrestricted file upload via module_plugin.refresh_plugins in eosphoros-ai DB-GPT.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-4505	20 Mar 202620:02	–	attackerkb
Circl	CVE-2026-4505	20 Mar 202619:16	–	circl
CNNVD	DB-GPT 代码问题漏洞	20 Mar 202600:00	–	cnnvd
CVE	CVE-2026-4505	20 Mar 202620:02	–	cve
EUVD	EUVD-2026-13806	20 Mar 202621:31	–	euvd
NVD	CVE-2026-4505	20 Mar 202620:16	–	nvd
Positive Technologies	PT-2026-26673	20 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-4505	26 Mar 202615:15	–	redhatcve
Vulnrichment	CVE-2026-4505 eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted upload	20 Mar 202620:02	–	vulnrichment

[
  {
    "vendor": "eosphoros-ai",
    "product": "DB-GPT",
    "versions": [
      {
        "version": "0.7.0",
        "status": "affected"
      },
      {
        "version": "0.7.1",
        "status": "affected"
      },
      {
        "version": "0.7.2",
        "status": "affected"
      },
      {
        "version": "0.7.3",
        "status": "affected"
      },
      {
        "version": "0.7.4",
        "status": "affected"
      },
      {
        "version": "0.7.5",
        "status": "affected"
      }
    ],
    "modules": [
      "FastAPI Endpoint"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/Ka7arotto/cve/blob/main/DB-gpt-uploadrce.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

20 Mar 2026 20:02Current

CVSS 45.3

CVSS 3.16.3

CVSS 36.3

CVSS 26.5

EPSS0.0005