๐Ÿ” CVE Alert

CVE-2026-54607

HIGH 7.7

FastGPT: SSRF in HTTP-tool OpenAPI schema importer via SwaggerParser $ref (bypasses the isInternalAddress guard)

CVSS Score
7.7
EPSS Score
0.2%
EPSS Percentile
15th

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta4, the HTTP-tool OpenAPI schema importer validates only the top-level URL before passing it to SwaggerParser.bundle, whose remote reference resolver fetches $ref URLs without FastGPT's internal-address guard and returns fetched content inline, allowing an authenticated team member to read internal services or cloud metadata. This issue is fixed in version 4.15.0-beta4.

CWE CWE-918
Vendor labring
Product fastgpt
Published Jul 7, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for labring fastgpt

Be the first to know when new high vulnerabilities affecting labring fastgpt are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

labring / FastGPT
< 4.15.0-beta4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/labring/FastGPT/security/advisories/GHSA-72hf-5382-2mq9 github.com: https://github.com/labring/FastGPT/pull/7073 github.com: https://github.com/labring/FastGPT/commit/1d7b8768aecd53ae59372fd68b10af0e80722c79 github.com: https://github.com/labring/FastGPT/releases/tag/v4.15.0-beta4