FastGPT — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in FastGPT, with AI-generated Chinese analysis, references, and POCs.

Vendor: labring

CVE ID	Title	CVSS	Severity	Paused
CVE-2026-40352	FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover CWE-943	8.8	High	2026-04-17
CVE-2026-40351	FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass CWE-943	9.8	Critical	2026-04-17
CVE-2026-40252	Broken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPT CWE-284	8.8	-	2026-04-10
CVE-2026-40100	FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTERNAL_IP default CWE-918	5.3	Medium	2026-04-10
CVE-2026-34162	FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft CWE-306	10.0	Critical	2026-03-31
CVE-2026-34163	Server-Side Request Forgery via MCP Tools Endpoint in FastGPT CWE-918	7.7	High	2026-03-31
CVE-2026-33075	FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml CWE-494	7.5	-	2026-03-20
CVE-2026-32128	FastGPT Python Sandbox Bypass of File-Write Restriction CWE-184	6.3	Medium	2026-03-11
CVE-2026-26075	Cross-Site Request Forgery (CSRF) in FastGPT CWE-352	5.3^AI	Medium^AI	2026-02-12
CVE-2026-26003	FastGPT Plugin forwarding request is not authenticated, posing a serious risk of attack CWE-601	6.5^AI	Medium^AI	2026-02-10
CVE-2025-62612	FastGPT File Reading Node SSRF Vulnerability CWE-918	9.1^AI	Critical^AI	2025-10-22
CVE-2025-52552	FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS CWE-601	6.1^AI	Medium^AI	2025-06-21
CVE-2025-49131	FastGPT Sandbox Vulnerable to Sandbox Bypass CWE-732	6.3	Medium	2025-06-09
CVE-2025-27600	FastGPT SSRF CWE-918	7.5	-	2025-03-06

All 14 known CVE vulnerabilities affecting FastGPT with full Chinese analysis, references, and POCs where available.