Vulnerability in Labring Fastgpt
CVE-2026-33075
FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull_request_target (wh…
EPSS: 0.000 (5.5th percentile)
Affected products
- Labring Fastgpt — versions <= 4.14.8.3
Weakness classification (CWE)
References
- https://github.com/labring/FastGPT/security/advisories/GHSA-xfx8-w35j-485c (x_refsource_CONFIRM)