Code Injection Vulnerability in FastGPT by Labring
CVE-2026-50562
9.3CRITICAL
What is CVE-2026-50562?
FastGPT, a knowledge-based AI application platform, has a vulnerability that allows attacker-controlled Docker images to be deployed via untrusted pull request artifacts. In specific workflows, privileged jobs can download these artifacts, enabling potential exploitation with access to sensitive secrets. This issue affects the integrity and confidentiality of the deployment process and requires immediate attention to secure the environment.
Affected Version(s)
FastGPT <= 22ebfacbb43311e9b73294040ae0eb87390c6bba
