CVE-2026-26075
Undergoing Analysis Undergoing Analysis - In Progress
Internal Network Access Vulnerability in FastGPT Data Acquisition Nodes

Publication date: 2026-02-12

Last updated on: 2026-02-23

Assigner: GitHub, Inc.

Description
FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment, this optimization has added stricter internal network address detection. This vulnerability is fixed in 4.14.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-12
Last Modified
2026-02-23
Generated
2026-05-27
AI Q&A
2026-02-13
EPSS Evaluated
2026-05-25
NVD
CVE-2026-26075
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fastgpt fastgpt to 4.14.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in FastGPT relates to its web page acquisition nodes and HTTP nodes, which need to initiate data acquisition requests from the server. Despite implementing internal network isolation and stricter internal network address detection, certain security issues remain in these components. This vulnerability has been addressed and fixed in version 4.14.7.


How can this vulnerability impact me? :

This vulnerability could potentially allow unauthorized or insecure data acquisition requests within the internal network, possibly leading to exposure or misuse of internal resources. Given the CVSS base score of 6.9, it represents a moderate to high risk, indicating that exploitation could impact confidentiality and integrity to some extent.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, it is recommended to implement internal network isolation in the deployment environment and apply stricter internal network address detection as described.

Additionally, upgrading FastGPT to version 4.14.7 or later will fix this vulnerability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart