Skip to main content

FastGPT EUVDEUVD-2026-42114

| CVE-2026-54601 MEDIUM
Improperly Controlled Modification of Dynamically-Determined Object Attributes (CWE-915)
2026-07-07 GitHub_M
6.3
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
6.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
vuln.today AI
6.3 MEDIUM

Network-accessible API requiring authenticated tenant (PR:L); S:U retained as cross-tenant impact stays within the FastGPT application boundary; C/I/A:L reflects partial data access across tenant lines.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Patch available
Jul 07, 2026 - 23:01 EUVD
Analysis Generated
Jul 07, 2026 - 22:12 vuln.today

DescriptionCVE.org

FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixed dataset objects and downstream dataset, collection, and training endpoints then make authorization decisions from inconsistent ownership anchors, allowing cross-tenant read, update, and delete access when mixed object ids are known. This issue is fixed in version 4.15.0-beta4.

AnalysisAI

Cross-tenant authorization bypass in FastGPT (versions 4.14.17 through pre-4.15.0-beta4) permits an authenticated tenant user to inject a foreign tenant's datasetId via the POST /api/core/dataset/collection/create/reTrainingCollection endpoint, corrupting ownership anchors in persisted dataset objects. Downstream dataset, collection, and training endpoints then derive authorization decisions from these poisoned records, granting the attacker cross-tenant read, update, and delete access to another tenant's data. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privilege tenant user
Delivery
POST reTrainingCollection with foreign tenant's datasetId
Exploit
Mixed-ownership object persisted in datastore
Execution
Call downstream dataset or collection API endpoints
Persist
Authorization evaluated against corrupted ownership anchor
Impact
Read, modify, or delete victim tenant data

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated tenant user account (CVSS PR:L confirmed) on a FastGPT deployment running versions 4.14.17 through pre-4.15.0-beta4. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) is consistent with the real-world risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a valid low-privilege tenant account on a shared FastGPT instance sends a crafted POST request to /api/core/dataset/collection/create/reTrainingCollection, substituting the datasetId payload field with an identifier belonging to a victim tenant obtained through enumeration or prior reconnaissance. The persisted mixed-ownership collection object causes subsequent calls to dataset, collection, and training endpoints to pass authorization checks using the victim tenant's ownership anchor, enabling the attacker to read sensitive knowledge base content, alter training data, or delete collections belonging to the victim tenant without ever directly authenticating as them.
Remediation Upgrade to FastGPT version 4.15.0-beta4 or later; the patched release is available at https://github.com/labring/FastGPT/releases/tag/v4.15.0-beta4 and the fix was introduced via pull request #7071 (commit 54a53e7d4399f1dfa2913394442c3cf6de672fb3). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-52552 MEDIUM POC
6.1 Jun 21

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable t

CVE-2026-34162 CRITICAL
10.0 Mar 31

Unauthenticated HTTP proxy abuse in FastGPT (AI Agent platform) prior to v4.14.9.5 allows remote attackers to relay arbi

CVE-2026-42302 CRITICAL
9.8 May 08

FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of

CVE-2026-40351 CRITICAL
9.8 Apr 17

NoSQL injection in FastGPT <4.14.9.5 password authentication allows unauthenticated remote attackers to bypass login con

CVE-2026-50562 CRITICAL
9.3 Jul 15

GitHub Actions artifact-poisoning (pwn request) in labring/FastGPT allows an external attacker who opens a pull request

CVE-2026-40352 HIGH
8.8 Apr 17

NoSQL injection in FastGPT versions before 4.14.9.5 allows authenticated attackers to bypass password verification on th

CVE-2026-61684 HIGH
8.8 Jul 15

Authentication bypass in FastGPT 4.15.0-beta4 lets unauthenticated remote attackers forge JWTs and access internal plugi

CVE-2026-55418 HIGH
8.6 Jul 07

Cross-tenant file disclosure in FastGPT prior to v4.15.0-beta5 allows an attacker to read another team's stored files by

CVE-2026-54607 HIGH
7.7 Jul 07

Server-side request forgery in FastGPT before 4.15.0-beta4 lets an authenticated team member abuse the HTTP-tool OpenAPI

CVE-2026-44285 HIGH
7.7 May 29

Server-Side Request Forgery in Labring FastGPT prior to 4.15.0-beta1 lets an authenticated attacker bypass the platform'

CVE-2026-42345 HIGH
7.7 May 08

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packa

CVE-2026-61644 HIGH
7.7 Jul 15

Cross-tenant data disclosure in FastGPT 4.14.17 through 4.15.0-beta5 lets a low-privileged tenant user read another tena

Share

EUVD-2026-42114 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy