CVE-2026-54602
CVE-2026-54602 — FastGPT : A cross-team information disclosure via GET /api/core/ai/record/getRecord existed prior to version 4.15.0. The endpoint authenticated users but loaded LLM request/response traces by requestId without team scoping, allowing any authenticated user to read another team’s p...