CVE-2026-26003

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

CVE-2026-26003 FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

CVE-2026-26003 FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

CVE-2026-26003

CVE-2026-26003 affects FastGPT versions 4.14.0–4.14.5, where an unauthenticated attacker can access the plugin system via FastGPT/api/plugin/xxx, potentially crashing the plugin system and causing loss of plugin installation status. The impact on confidentiality/integrity is limited, with availab...

CVE-2026-26003 FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack

FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...

PT-2026-7419

Name of the Vulnerable Software and Affected Versions FastGPT versions 4.14.0 through 4.14.5 Description FastGPT, an AI Agent building platform, has an issue where the plugin system can be accessed directly through the API endpoint /api/plugin/xxx without authentication. This affects versions...

FastGPT 输入验证错误漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models, developed by Labring. In versions 4.14.0 to 4.14.5 of FastGPT, there is a vulnerability related to input validation errors. This vulnerability stems from the direct access to the plugin system witho...

EUVD-2024-47536

Malicious code in bioql PyPI...

HSTS long filename clears contents

When saving HSTS data to an excessively long filename, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...