CVE-2026-61644
FastGPT contains a cross-tenant data disclosure in POST /api/core/chat/record/getCollectionQuote. From 4.14.17 through 4.15.0-beta5, the initialId center-node lookup is not bound to the caller’s authenticated chat/collection context, allowing a low-privileged tenant to supply attacker-owned appId...