📦 Fastgpt

FastGPT versions before 4.14.7 have insufficient internal network address validation in web page acquisition and HTTP nodes, allowing potential cross-site request forgery (CSRF) attacks. This affects ...

CVE-2025-62612 is a Server-Side Request Forgery (SSRF) vulnerability in FastGPT's workflow file reading node that allows attackers to make unauthorized network requests from the vulnerable server. Thi...

FastGPT versions before 4.9.12 have an open redirect and DOM-based XSS vulnerability in the LastRoute parameter on the login page. Attackers can execute malicious JavaScript in users' browsers or redi...

CVE-2025-49131 is a sandbox escape vulnerability in FastGPT's sandbox container that allows attackers to break out of the isolated execution environment. This enables arbitrary file read/write operati...

FastGPT's web crawling plugin lacks intranet IP verification, allowing attackers to make requests to internal network resources. This could expose private intranet data through server-side request for...