Home

Description

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull_request_target (which runs with access to repository secrets) but checks out code from the pull request author's fork, then builds and pushes Docker images using attacker-controlled Dockerfiles. This also enables a supply chain attack via the production container registry. A patch was not available at the time of publication.

PUBLISHED Reserved 2026-03-17 | Published 2026-03-20 | Updated 2026-03-20 | Assigner GitHub_M




CRITICAL: 9.4CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-494: Download of Code Without Integrity Check

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

Product status

<= 4.14.8.3
affected

References

github.com/...astGPT/security/advisories/GHSA-xfx8-w35j-485c

cve.org (CVE-2026-33075)

nvd.nist.gov (CVE-2026-33075)

Download JSON