← voltar
CVE-2026-26075

Cross-Site Request Forgery (CSRF) in FastGPT

CVSS 6.9 MEDIUMEPSS 0.1%CWE-352
FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment, this optimization has added stricter internal network address detection. This vulnerability is fixed in 4.14.7.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
labring · FastGPT

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/labring/FastGPT/releases/tag/v4.14.7https://github.com/labring/FastGPT/security/advisories/GHSA-g345-7pqp-c395