CVE-2026-26075
Undergoing Analysis Undergoing Analysis - In Progress
Internal Network Access Vulnerability in FastGPT Data Acquisition Nodes

Publication date: 2026-02-12

Last updated on: 2026-02-23

Assigner: GitHub, Inc.

Description
FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementing internal network isolation in the deployment environment, this optimization has added stricter internal network address detection. This vulnerability is fixed in 4.14.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-12
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2026-02-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26075
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fastgpt fastgpt to 4.14.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in FastGPT relates to its web page acquisition nodes and HTTP nodes, which need to initiate data acquisition requests from the server. Despite implementing internal network isolation and stricter internal network address detection, certain security issues remain in these components. This vulnerability has been addressed and fixed in version 4.14.7.

Impact Analysis

This vulnerability could potentially allow unauthorized or insecure data acquisition requests within the internal network, possibly leading to exposure or misuse of internal resources. Given the CVSS base score of 6.9, it represents a moderate to high risk, indicating that exploitation could impact confidentiality and integrity to some extent.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, it is recommended to implement internal network isolation in the deployment environment and apply stricter internal network address detection as described.

Additionally, upgrading FastGPT to version 4.14.7 or later will fix this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26075. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart