CVE-2026-26003
Undergoing Analysis Undergoing Analysis - In Progress
Unauthorized Access to FastGPT Plugin System Causes Crash

Publication date: 2026-02-10

Last updated on: 2026-02-23

Assigner: GitHub, Inc.

Description
FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but it will not result in key leakage. For older versions, as there are only operation interfaces for obtaining information, the impact is almost negligible. This vulnerability is fixed in 4.14.5-fix.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26003
EUVD
EUVD-2026-6763
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
fastgpt fastgpt From 4.14.0 (inc) to 4.14.5 (exc)
fastgpt fastgpt 4.14.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-26003 is a critical vulnerability in the FastGPT AI Agent building platform versions 4.14.0 through 4.14.5. The issue arises because the plugin system endpoint FastGPT/api/plugin/xxx does not require authentication, allowing attackers to directly access the plugin system without any authorization.

This unauthorized access can cause the plugin system to crash and result in the loss of plugin installation status. However, it does not lead to leakage of sensitive keys. The vulnerability is due to a deprecated plugin forwarding interface that was removed in the fixed version 4.14.5-fix.

Impact Analysis

[{'type': 'paragraph', 'content': 'If you are running FastGPT versions 4.14.0 through 4.14.5, attackers can exploit this vulnerability to access the plugin system without authentication.'}, {'type': 'list_item', 'content': 'The plugin system may crash.'}, {'type': 'list_item', 'content': 'You may lose the status of installed plugins.'}, {'type': 'paragraph', 'content': "While this does not result in key leakage, the instability and loss of plugin installation status can disrupt your platform's functionality and reliability."}] [2]

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking if your FastGPT instance is exposing the unauthenticated plugin system endpoint at /api/plugin/xxx. Network monitoring or web server logs can be inspected for requests to paths matching /api/plugin/* that do not require authentication.

You can use commands like curl or wget to test if the endpoint is accessible without authentication. For example:

  • curl -i http://{FastGPT_host}/api/plugin/test
  • wget --spider http://{FastGPT_host}/api/plugin/test

If these commands return a response without requiring authentication or return plugin system data, the system is vulnerable.

Mitigation Strategies

Immediate mitigation steps include upgrading FastGPT to version 4.14.5-fix, which removes the vulnerable plugin forwarding interface and adds authentication checks.

Alternatively, if upgrading immediately is not possible, you should disable all requests to the /api/plugin/* endpoint on your FastGPT host by implementing gateway or firewall rules to block this traffic.

  • Upgrade FastGPT to version 4.14.5-fix.
  • Block or disable all incoming requests to the /api/plugin/* endpoint via gateway or firewall rules.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26003. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart