Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
An unrestricted file upload vulnerability exists in eosphoros-ai DB-GPT versions up to 0.7.5 within the module_plugin.refresh_plugins function of the FastAPI endpoint located at packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py. An authenticated attacker can remotely upload arbitrary files to the system, potentially achieving remote code execution or system compromise. A public proof-of-concept exploit is available on GitHub, and the vendor has not responded to early disclosure attempts, indicating patches may not be forthcoming.
Technical ContextAI
DB-GPT is a large language model framework built on FastAPI (a modern Python web framework). The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), representing a failure to properly validate file uploads at the application layer. The affected component is a FastAPI endpoint handler responsible for refreshing plugin modules, which apparently accepts and persists uploaded files without sufficient validation of file type, size, or content. The CPE cpe:2.3:a:eosphoros-ai:db-gpt:*:*:*:*:*:*:*:* indicates all versions up to 0.7.5 are in scope. The root cause is improper input validation and insufficient access controls on the upload mechanism, allowing authenticated users to bypass intended restrictions.
RemediationAI
Immediately upgrade eosphoros-ai DB-GPT to a version greater than 0.7.5 if available from the project repository (check https://github.com/eosphoros-ai/DB-GPT for releases). If no patched version is available due to vendor non-responsiveness, implement compensating controls: restrict network access to the FastAPI endpoint to trusted internal networks only, enforce authentication and authorization on all upload endpoints via reverse proxy rules, disable the module_plugin.refresh_plugins functionality if not operationally required, and implement strict file upload validation at the reverse proxy layer (block executable file types, enforce size limits, and scan uploads with antivirus/sandbox tools). Monitor audit logs for suspicious file uploads and consider containerizing DB-GPT deployments to limit blast radius of potential file-based exploits.
In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Uplo
In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queri
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. Rated critical sev
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. Rated c
eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file
A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint `/v1/resource/file/de
eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/up
In version 0.6.0 of eosphoros-ai/db-gpt, the `uvicorn` app created by `dbgpt_server` uses an overly permissive instance
SQL injection in eosphoros-ai db-gpt versions up to 0.7.5 allows unauthenticated remote attackers to manipulate the /api
In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL que
A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13806