CVE-2026-26075

5.4 MEDIUM

📋 TL;DR

FastGPT versions before 4.14.7 have insufficient internal network address validation in web page acquisition and HTTP nodes, allowing potential cross-site request forgery (CSRF) attacks. This affects organizations using FastGPT for AI agent building where these nodes can be manipulated to access internal network resources. The vulnerability requires attackers to trick authenticated users into performing unintended actions.

💻 Affected Systems

Products:
  • FastGPT
Versions: All versions before 4.14.7
Operating Systems: All platforms running FastGPT
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using web page acquisition nodes, HTTP nodes, or similar data acquisition features that initiate requests from the server.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could exploit CSRF to make FastGPT nodes access internal network services, potentially leading to data exfiltration, internal service compromise, or lateral movement within the network.

🟠 Likely Case

Attackers could manipulate FastGPT to make unauthorized requests to internal APIs or services, potentially accessing sensitive data or performing actions with the permissions of the compromised FastGPT instance.

🟢 If Mitigated

With proper network segmentation and CSRF protections, the impact is limited to the specific FastGPT instance's permissions and network access.

🌐 Internet-Facing: MEDIUM - Internet-facing FastGPT instances are vulnerable to CSRF attacks, but exploitation requires tricking authenticated users.
🏢 Internal Only: LOW - Internal-only deployments reduce external attack surface, though internal threats could still exploit the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires CSRF conditions: the attacker must trick an authenticated user into interacting with malicious content. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.14.7

Vendor Advisory: https://github.com/labring/FastGPT/security/advisories/GHSA-g345-7pqp-c395

Restart Required: No

Instructions:

1. Back up your FastGPT configuration and data.
2. Update FastGPT to version 4.14.7 or later using your deployment method (Docker, Kubernetes, etc.).
3. Verify the update completed successfully.
4. Test critical functionality.

🔧 Temporary Workarounds

Implement Network Segmentation (applies to: all)

Isolate FastGPT instances from sensitive internal networks using firewalls or network policies.

Enable CSRF Protections (applies to: all)

Implement additional CSRF tokens and same-origin policies in web applications interacting with FastGPT.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit FastGPT's access to only necessary internal resources
  • Disable or restrict web page acquisition and HTTP nodes in FastGPT configuration if not required

🔍 How to Verify

Check if Vulnerable:

Check the FastGPT version via the web interface or configuration files. If the version is below 4.14.7 and the deployment uses web page acquisition or HTTP nodes, the system is vulnerable.

Check Version:

For Docker deployments: docker exec fastgpt_container cat /app/package.json | grep version
Otherwise, check the FastGPT web interface settings.

Verify Fix Applied:

Confirm the FastGPT version is 4.14.7 or higher. Test that web page acquisition and HTTP nodes reject internal network addresses, including hostnames that resolve to them.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests from FastGPT to internal network addresses
  • Failed internal network access attempts from FastGPT nodes

Network Indicators:

  • Unexpected outbound connections from FastGPT to internal services
  • HTTP requests to internal IPs from FastGPT server

SIEM Query:

source="fastgpt" AND (dest_ip=10.* OR dest_ip=172.16.* OR dest_ip=192.168.*) AND action="http_request"

Note: the wildcard dest_ip=172.16.* matches only 172.16.0.0/16. The full private range 172.16.0.0/12 spans 172.16.* through 172.31.*, so prefer a CIDR match where your SIEM offers one (in Splunk: ... | where cidrmatch("172.16.0.0/12", dest_ip)) or enumerate the sixteen /16 prefixes. Loopback (127.0.0.0/8) and link-local (169.254.0.0/16) destinations are worth including as well, since a server-side fetch node can reach the host itself.
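As an added example for the fix verification and detection sections above (this is not FastGPT's own code; the resolver, the record field names and the log layout are assumptions), the following shows the destination check a server-side fetching feature such as a web page acquisition or HTTP node needs before it connects, and a triage routine that applies the same range logic to constructed log lines. Unlike the dest_ip=172.16.* wildcard, the CIDR check also catches 172.17.0.0 through 172.31.255.255.

```typescript
// Added example (not FastGPT's own code). Field names, the resolver
// signature and the sample log lines are assumptions made for illustration.

// IPv4 ranges an outbound fetch from the server should never reach:
// RFC 1918 private space, loopback, link-local, CGNAT and "this network".
const BLOCKED_V4: Array<[string, number]> = [
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16],
  ["127.0.0.0", 8], ["169.254.0.0", 16], ["100.64.0.0", 10], ["0.0.0.0", 8],
];

// Parse a dotted-quad IPv4 literal into an unsigned 32-bit number, or null.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

function inCidr(ip: number, base: string, bits: number): boolean {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === (((ipv4ToInt(base) as number) & mask) >>> 0);
}

// True when `host` is an IP literal inside a blocked range. Hostnames return
// false here; checkTargetUrl resolves them first and checks every address.
export function isInternalAddress(host: string): boolean {
  const h = host.replace(/^\[|\]$/g, "").toLowerCase();
  if (h.includes(":")) {
    // IPv6: loopback, unspecified, IPv4-mapped (checked as IPv4),
    // unique-local fc00::/7 and link-local fe80::/10.
    if (h === "::1" || h === "::") return true;
    if (h.startsWith("::ffff:")) {
      const rest = h.slice(7);
      if (!rest.includes(":")) return isInternalAddress(rest);
      const g = rest.split(":").map((x) => parseInt(x, 16)); // hex form, e.g. ::ffff:7f00:1
      if (g.length !== 2 || g.some(Number.isNaN)) return false;
      return isInternalAddress(`${g[0] >> 8}.${g[0] & 255}.${g[1] >> 8}.${g[1] & 255}`);
    }
    return /^(f[cd]|fe[89ab])/.test(h);
  }
  const n = ipv4ToInt(h);
  if (n === null) return false;
  return BLOCKED_V4.some(([base, bits]) => inCidr(n, base, bits));
}

// Hypothetical resolver: returns every address a name resolves to.
export type Resolver = (host: string) => string[];

// Decide whether a node may fetch `raw`. All resolved addresses are checked,
// and the caller should connect to the address that passed rather than
// resolving again, so the answer cannot change between check and use.
export function checkTargetUrl(raw: string, resolve: Resolver): { allowed: boolean; reason: string } {
  let url: URL;
  try {
    url = new URL(raw); // the WHATWG parser also canonicalises decimal/hex IPv4 forms
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { allowed: false, reason: `scheme ${url.protocol} not permitted` };
  }
  const host = url.hostname.replace(/^\[|\]$/g, "");
  const isLiteral = ipv4ToInt(host) !== null || host.includes(":");
  const candidates = isLiteral ? [host] : resolve(host);
  if (candidates.length === 0) return { allowed: false, reason: `${host} does not resolve` };
  const hit = candidates.find(isInternalAddress);
  if (hit !== undefined) return { allowed: false, reason: `${host} -> ${hit} is an internal address` };
  return { allowed: true, reason: `${host} -> ${candidates[0]}` };
}

// Constructed resolution table for the example; no real DNS lookups happen.
const SAMPLE_TABLE: Record<string, string[]> = {
  "example.com": ["203.0.113.5"],
  "dual.example": ["203.0.113.10", "10.0.0.7"], // one public and one private answer
};
export const sampleResolver: Resolver = (host) => SAMPLE_TABLE[host] ?? [];

// Triage for the detection section: return the records whose destination
// falls in a blocked range. Malformed lines are skipped.
export interface FetchRecord { ts: string; node: string; dest_ip: string; url: string }

export function flagInternalRequests(lines: string[]): FetchRecord[] {
  const hits: FetchRecord[] = [];
  for (const line of lines) {
    try {
      const rec = JSON.parse(line) as FetchRecord;
      if (isInternalAddress(rec.dest_ip)) hits.push(rec);
    } catch { /* not a JSON record */ }
  }
  return hits;
}

// Constructed log lines in the layout the SIEM query above assumes.
export const SAMPLE_LOG = [
  '{"ts":"2026-01-01T10:00:00Z","node":"httpRequest","dest_ip":"203.0.113.5","url":"https://example.com/"}',
  '{"ts":"2026-01-01T10:00:05Z","node":"webPageFetch","dest_ip":"172.20.0.5","url":"http://intranet.example/"}',
  '{"ts":"2026-01-01T10:00:07Z","node":"httpRequest","dest_ip":"127.0.0.1","url":"http://localhost:3000/"}',
  "not a json record",
];
```

Calling flagInternalRequests(SAMPLE_LOG) returns the 172.20.0.5 and 127.0.0.1 records; the first of those is exactly the kind of destination a dest_ip=172.16.* wildcard would miss. checkTargetUrl("http://dual.example/", sampleResolver) is rejected because one of the resolved addresses is private, which is why the check must cover every answer rather than the first one.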
