๐Ÿ” CVE Alert

CVE-2026-61643

MEDIUM 5.9

FastGPT: workflow runtime can execute another user's private HTTP toolset

CVSS Score
5.9
EPSS Score
0.0%
EPSS Percentile
0th

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, an authenticated FastGPT user can save a workflow node that points to another user's private HTTP toolset by using a crafted saved tool id such as http-<victim_toolset_app_id>/<tool_name>. The normal toolset routes deny access, but the workflow save and runtime path did not apply the same authorization check to the referenced toolset, allowing /api/v2/chat/completions to resolve the saved reference and execute the victim-owned HTTP tool. This issue is fixed in version 4.15.0-beta5.

CWE CWE-863
Vendor labring
Product fastgpt
Published Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for labring fastgpt

Be the first to know when new medium vulnerabilities affecting labring fastgpt are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Affected Versions

labring / FastGPT
>= 4.14.17, < 4.15.0-beta5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/labring/FastGPT/security/advisories/GHSA-93r3-wqq3-c5ch github.com: https://github.com/labring/FastGPT/releases/tag/v4.15.0-beta5