Security: labring/FastGPT
Security Advisories
- Unauthenticated cross-tenant data access via forgeable plugin-invoke JWT (default INVOKE_TOKEN_SECRET='token')
  GHSA-w732-rq8c-chc8, published Jun 23, 2026 by c121914yu. Severity: Low
- Shared axios SSRF guard validates only the initial URL before following redirects
  GHSA-g969-67mv-2qxq, published Jul 1, 2026 by c121914yu. Severity: Moderate
- Python Code-Sandbox Escape to OS Command Execution via __subclasses__ AST-Check Bypass in FastGPT
  GHSA-5jmh-5f2m-89jg, published Jul 1, 2026 by c121914yu. Severity: High
- FastGPT: reTrainingCollection allows server-owned datasetId override causing cross-tenant authorization confusion
  GHSA-qxcq-48gr-93pj, published Jul 1, 2026 by c121914yu. Severity: Moderate
- FastGPT: /api/core/chat/record/getCollectionQuote can disclose cross-tenant dataset text due to an unbound initialId lookup
  GHSA-mmg6-2g54-j896, published Jul 1, 2026 by c121914yu. Severity: High
- SSRF in HTTP-tool OpenAPI schema importer via SwaggerParser $ref (bypasses the isInternalAddress guard)
  GHSA-72hf-5382-2mq9, published Jul 1, 2026 by c121914yu. Severity: High
- S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)
  GHSA-6rxv-p43w-mmx5, published Jul 1, 2026 by c121914yu. Severity: High
- FastGPT: workflow runtime can execute another user's private HTTP toolset
  GHSA-93r3-wqq3-c5ch, published Jul 1, 2026 by c121914yu. Severity: Moderate
- Cross-team LLM request/response disclosure (IDOR) via /api/core/ai/record/getRecord
  GHSA-6vx6-f72r-74cg, published Jul 1, 2026 by c121914yu. Severity: Low
- Untrusted PR artifacts are pushed and deployed by privileged preview workflows
  GHSA-rvgc-2c29-g876, published May 26, 2026 by c121914yu. Severity: Moderate