← volver
CVE-2026-26075

Cross-Site Request Forgery (CSRF) in FastGPT

CVSS 6.9 MEDIUMEPSS 0.1%CWE-352
FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment, this optimization has added stricter internal network address detection. This vulnerability is fixed in 4.14.7.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
labring · FastGPT

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/labring/FastGPT/releases/tag/v4.14.7https://github.com/labring/FastGPT/security/advisories/GHSA-g345-7pqp-c395