Product
fastgpt
14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-40352
< 4.14.9.5
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injec
8.8
HIGH
CVE-2026-40351
< 4.14.9.5
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type as
9.8
CRITICAL
CVE-2026-40252
< 4.14.10.4
FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (IDOR/BOLA) allows any authentic
8.1
HIGH
CVE-2026-40100
< 4.14.10.3
FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs w
5.3
MEDIUM
CVE-2026-34163
< 4.14.9.5
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints (/api/
7.7
HIGH
CVE-2026-34162
< 4.14.9.5
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTo
10.0
CRITICAL
CVE-2026-33075
<= 4.14.8.3
FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to
8.8
HIGH
CVE-2026-32128
<= 4.14.7
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails in
6.3
MEDIUM
CVE-2026-26075
< 4.14.7
FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to init
5.4
MEDIUM
CVE-2026-26003
>= 4.14.0 and < 4.14.5
FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/a
5.4
MEDIUM
CVE-2025-62612
< 4.11.1
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not secu
5.3
MEDIUM
CVE-2025-52552
< 4.9.12
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open red
6.1
MEDIUM
CVE-2025-49131
< 4.9.11
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversa
6.3
MEDIUM
CVE-2025-27600
< 4.9.0
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification,
6.5
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin