๐Ÿ” CVE Alert

CVE-2026-50562

UNKNOWN 0.0

FastGPT: Untrusted PR artifacts are pushed and deployed by privileged preview workflows

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged workflow_run jobs in .github/workflows/preview-docs-push.yml and .github/workflows/preview-fastgpt-push.yml, allowing attacker-controlled Docker images from the document/ tree or FastGPT build context to be pushed to GHCR and, for documentation previews, deployed with secrets.KUBE_CONFIG_CN.

CWE CWE-266 CWE-494 CWE-829
Vendor labring
Product fastgpt
Published Jul 15, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for labring fastgpt

Be the first to know when new unknown vulnerabilities affecting labring fastgpt are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

labring / FastGPT
<= 22ebfacbb43311e9b73294040ae0eb87390c6bba

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/labring/FastGPT/security/advisories/GHSA-rvgc-2c29-g876