CVE-2026-26075
MEDIUM WAF: Low
CVSS 5.4
Published: 2026-02-12
CWE-352
FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment, this optimization has added stricter internal network address detection. This vulnerability is fixed in 4.14.7.
WAF Coverage Analysis
Cross-Site Request Forgery (CSRF)
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| fastgpt | fastgpt | up to 4.14.7 |
References
- github.com (Product, Release Notes)
- github.com (Vendor Advisory)