CVE-2026-26075 | THREATINT

Description

FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment, this optimization has added stricter internal network address detection. This vulnerability is fixed in 4.14.7.

PUBLISHED Reserved 2026-02-10 | Published 2026-02-12 | Updated 2026-02-13 | Assigner GitHub_M

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-352: Cross-Site Request Forgery (CSRF)

Product status

< 4.14.7

affected

References

github.com/...astGPT/security/advisories/GHSA-g345-7pqp-c395

github.com/labring/FastGPT/releases/tag/v4.14.7

cve.org (CVE-2026-26075)

nvd.nist.gov (CVE-2026-26075)

Download JSON