CNNVD-202602-2062 Information

CNNVD ID

CNNVD-202602-2062

Related CVE

CVE-2026-26075

• CNNVD Published: 2026-02-12

Description (Chinese)

FastGPT是labring开源的一款基于大语言模型的开源知识库问答系统。 FastGPT 4.14.7之前版本存在跨站请求伪造漏洞，该漏洞源于网页采集节点和HTTP节点需要从服务器发起数据采集请求，存在安全风险。

Description (English)

FastGPT is an open-source knowledge base question-and-answer system based on a large-language model of the labring open source. The pre-FastGPT 4.14.7 version had a false gap in cross-site requests, which arose from the need to initiate data collection requests from servers at the web-page collection node and at the HTTP node, and the security risk.

Vulnerability Type

跨站请求伪造

Affected Vendor

labring

Published

2026-02-12

Last Modified

2026-02-24

References

https://github.com/labring/FastGPT/releases/tag/v4.14.7 https://github.com/labring/FastGPT/security/advisories/GHSA-g345-7pqp-c395

Patch

https://github.com/labring/FastGPT/releases