CVE-2026-4505
Received Received - Intake
Unrestricted File Upload in eosphoros-ai DB-GPT FastAPI Endpoint

Publication date: 2026-03-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-20
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4505
EUVD
EUVD-2026-13806
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ka7arotto db-gpt to 0.7.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-4505 is a remote code execution vulnerability in DB-GPT versions up to 0.7.5, specifically in the plugin upload feature accessible via a FastAPI endpoint. The vulnerability arises because the system performs an insufficient Abstract Syntax Tree (AST) based security check on uploaded plugin code, which attackers can bypass by uploading malicious Python files.'}, {'type': 'paragraph', 'content': 'The attack flow involves an attacker uploading a malicious plugin ZIP file containing harmful Python code. Although the filename is sanitized, the actual plugin code content is not properly validated. When the plugin is loaded and executed during the refresh process, the malicious code runs with the privileges of the DB-GPT process.'}, {'type': 'paragraph', 'content': "This allows attackers to execute arbitrary Python code remotely without authentication, potentially gaining access to sensitive system files, environment variables, credentials, and the ability to maintain persistence or move laterally within the victim's network."}] [1]

Impact Analysis

This vulnerability can have serious impacts including remote execution of arbitrary code with the privileges of the DB-GPT process, which is often root in containerized environments.

  • Attackers can access sensitive system files and environment variables.
  • Attackers can steal credentials stored or accessible by the DB-GPT process.
  • Attackers can establish persistence on the affected system.
  • Attackers can pivot within the victim’s network to compromise additional systems.

The exploit requires only a single HTTP request to the vulnerable upload endpoint and does not require any special authentication, making it easy to exploit remotely and silently.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for HTTP POST requests to the FastAPI endpoint `/v1/personal/agent/upload`, which is used for plugin uploads in DB-GPT versions up to 0.7.5.

Detection can involve checking for the presence of suspicious plugin ZIP files containing Python modules, especially those with an `__init__.py` file that executes shell commands or writes unexpected files.

A practical detection method is to look for unexpected files created by the exploit, such as files named `/tmp/rce_<timestamp>.txt` inside the system or container running DB-GPT.

  • Use network monitoring tools or web server logs to identify POST requests to `/v1/personal/agent/upload`.
  • On the affected system, run commands to check for suspicious files, for example: `ls /tmp/rce_*.txt`.
  • Inspect uploaded plugin files for malicious content, especially Python files with unexpected code execution.
Mitigation Strategies

Immediate mitigation steps include disabling or restricting access to the vulnerable plugin upload endpoint `/v1/personal/agent/upload` to prevent unauthorized uploads.

If possible, restrict network access to the DB-GPT service to trusted users only, using firewall rules or network segmentation.

Monitor and remove any suspicious plugins or files that may have been uploaded exploiting this vulnerability.

Consider running DB-GPT with the least privileges possible to limit the impact of any potential exploit.

Since the vendor has not responded, watch for any patches or updates and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4505. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart