Lucene search
K

155 matches found

CVE
CVE
added 2026/03/11 9:30 p.m.9 views

CVE-2026-32128

FastGPT’s Python Sandbox (fastgpt-sandbox) in versions 4.14.7 and earlier contains guardrails intended to block file writes (static detection + seccomp). The vulnerability arises because stdout (fd 1) can be remapped to an arbitrary writable file descriptor via fcntl. After remapping, writes thro...

6.3CVSS5.9AI score0.00296EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/11 9:30 p.m.3 views

CVE-2026-32128 FastGPT Python Sandbox Bypass of File-Write Restriction

FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox fastgpt-sandbox includes guardrails intended to prevent file writes static detection + seccomp. These guardrails are bypassable by remapping stdout fd 1 to an arbitrary writable file descriptor using fcntl...

6.3CVSS5.9AI score0.00296EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

FastGPT 安全漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT 4.14.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the protective measures in the Python sandbox, which can be circumvented...

6.3CVSS5.8AI score0.00296EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24852

FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox fastgpt-sandbox includes guardrails intended to prevent file writes static detection + seccomp. These guardrails are bypassable by remapping stdout fd 1 to an arbitrary writable file descriptor using fcntl...

6.3CVSS5.9AI score0.00296EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/14 1:27 a.m.6 views

CVE-2026-26075

FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment...

6.9CVSS5.5AI score0.00101EPSS
Exploits0References1
CVE
CVE
added 2026/02/12 9:42 p.m.13 views

CVE-2026-26075

CVE-2026-26075 affects FastGPT, where web page acquisition nodes (e.g., HTTP nodes) can initiate data acquisition requests from the server due to insufficient isolation; the issue is mitigated by deployment-time network isolation and stricter internal address checks. The advisory notes the fix is...

6.9CVSS5.5AI score0.00101EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/12 9:42 p.m.4 views

CVE-2026-26075 Cross-Site Request Forgery (CSRF) in FastGPT

FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment...

6.9CVSS5.5AI score0.00101EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/12 9:42 p.m.5 views

CVE-2026-26075

FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment...

6.9CVSS5.5AI score0.00101EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/12 9:42 p.m.23 views

CVE-2026-26075 Cross-Site Request Forgery (CSRF) in FastGPT

FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment...

6.9CVSS0.00101EPSS
Exploits0References2
OSV
OSV
added 2026/02/12 9:42 p.m.4 views

CVE-2026-26075 Cross-Site Request Forgery (CSRF) in FastGPT

FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment...

6.9CVSS5.5AI score0.00101EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.7 views

PT-2026-7911

FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment...

6.9CVSS5.5AI score0.00101EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.9 views

FastGPT 跨站请求伪造漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.7 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the fact that the web scraping node and HTTP nodes...

6.9CVSS5.8AI score0.00101EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.5 views

CVE-2026-26003

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

6.9CVSS5.5AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 6:16 p.m.5 views

CVE-2026-26003

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

6.9CVSS0.0023EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/10 5:52 p.m.3 views

CVE-2026-26003 FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

6.9CVSS5.5AI score0.0023EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/10 5:52 p.m.2 views

CVE-2026-26003

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

6.9CVSS5.5AI score0.0023EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/10 5:52 p.m.23 views

CVE-2026-26003 FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

6.9CVSS0.0023EPSS
Exploits0References3
OSV
OSV
added 2026/02/10 5:52 p.m.5 views

CVE-2026-26003 FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

6.9CVSS5.5AI score0.0023EPSS
Exploits0References5
CVE
CVE
added 2026/02/10 5:52 p.m.13 views

CVE-2026-26003

CVE-2026-26003 affects FastGPT versions 4.14.0–4.14.5, where an unauthenticated attacker can access the plugin system via FastGPT/api/plugin/xxx, potentially crashing the plugin system and causing loss of plugin installation status. The impact on confidentiality/integrity is limited, with availab...

6.9CVSS5.5AI score0.0023EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.7 views

PT-2026-7419

Name of the Vulnerable Software and Affected Versions FastGPT versions 4.14.0 through 4.14.5 Description FastGPT, an AI Agent building platform, has an issue where the plugin system can be accessed directly through the API endpoint /api/plugin/xxx without authentication. This affects versions...

6.9CVSS5.5AI score0.0023EPSS
Exploits0References7
Rows per page
Query Builder