CSRF in Labring Fastgpt

CVE-2026-26075

FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain security issues. In addition to implementin…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (5.6th percentile) — read the EPSS interpretation.

Affected products

Labring Fastgpt — versions < 4.14.7

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

https://github.com/labring/FastGPT/security/advisories/GHSA-g345-7pqp-c395 (x_refsource_CONFIRM)
https://github.com/labring/FastGPT/releases/tag/v4.14.7 (x_refsource_MISC)