Skip to main content

FastGPT CVE-2026-54602

| EUVDEUVD-2026-42117 HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-07-07 GitHub_M
7.1
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Authenticated low-privilege user (PR:L) reads other tenants' data over the network with no UI; confidentiality-only impact, no integrity/availability effect and unchanged scope.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 07, 2026 - 23:01 EUVD
Analysis Generated
Jul 07, 2026 - 22:07 vuln.today

DescriptionCVE.org

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks, and completions if the requestId is known. This issue is fixed in version 4.15.0.

AnalysisAI

Broken object-level authorization in FastGPT before 4.15.0 lets any authenticated user retrieve another team's LLM interaction traces via GET /api/core/ai/record/getRecord. The endpoint verifies the caller is logged in but fetches records solely by requestId without checking team ownership, exposing cross-tenant prompts, retrieved RAG chunks, and model completions to any user who can guess or obtain a valid requestId. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege FastGPT account
Delivery
Discover or guess target team's requestId
Exploit
Call GET /api/core/ai/record/getRecord with that ID
Execution
Server returns trace without team check
Impact
Exfiltrate cross-team prompts, RAG chunks, completions

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated FastGPT account (PR:L per CVSS) and knowledge of a valid requestId belonging to another team, targeting the GET /api/core/ai/record/getRecord endpoint on any FastGPT instance prior to 4.15.0 operating with multiple teams/tenants. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N, VC:H only) yields 7.1 and accurately reflects a confidentiality-only, network-reachable, low-privilege issue with no integrity or availability impact - consistent with the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A user on Team A signs up for or already holds a low-privilege FastGPT account on a shared instance, then calls GET /api/core/ai/record/getRecord with a requestId belonging to Team B - obtained by guessing, enumeration, or from leaked logs/links. Because the server never checks team ownership, it returns Team B's full LLM trace, disclosing confidential prompts, proprietary RAG source chunks, and model completions. …
Remediation Vendor-released patch: upgrade to FastGPT 4.15.0 or later, which adds team scoping to the record lookup (fixing commit 60c62b7af8269c826885b541bb56e6e5c424c11a; advisory GHSA-6vx6-f72r-74cg). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all FastGPT instances, document versions, and determine if multi-tenant deployments exist; notify security and engineering leadership. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-52552 MEDIUM POC
6.1 Jun 21

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable t

CVE-2026-34162 CRITICAL
10.0 Mar 31

Unauthenticated HTTP proxy abuse in FastGPT (AI Agent platform) prior to v4.14.9.5 allows remote attackers to relay arbi

CVE-2026-42302 CRITICAL
9.8 May 08

FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of

CVE-2026-40351 CRITICAL
9.8 Apr 17

NoSQL injection in FastGPT <4.14.9.5 password authentication allows unauthenticated remote attackers to bypass login con

CVE-2026-50562 CRITICAL
9.3 Jul 15

GitHub Actions artifact-poisoning (pwn request) in labring/FastGPT allows an external attacker who opens a pull request

CVE-2026-40352 HIGH
8.8 Apr 17

NoSQL injection in FastGPT versions before 4.14.9.5 allows authenticated attackers to bypass password verification on th

CVE-2026-61684 HIGH
8.8 Jul 15

Authentication bypass in FastGPT 4.15.0-beta4 lets unauthenticated remote attackers forge JWTs and access internal plugi

CVE-2026-55418 HIGH
8.6 Jul 07

Cross-tenant file disclosure in FastGPT prior to v4.15.0-beta5 allows an attacker to read another team's stored files by

CVE-2026-54607 HIGH
7.7 Jul 07

Server-side request forgery in FastGPT before 4.15.0-beta4 lets an authenticated team member abuse the HTTP-tool OpenAPI

CVE-2026-44285 HIGH
7.7 May 29

Server-Side Request Forgery in Labring FastGPT prior to 4.15.0-beta1 lets an authenticated attacker bypass the platform'

CVE-2026-42345 HIGH
7.7 May 08

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packa

CVE-2026-61644 HIGH
7.7 Jul 15

Cross-tenant data disclosure in FastGPT 4.14.17 through 4.15.0-beta5 lets a low-privileged tenant user read another tena

Share

CVE-2026-54602 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy