Code Injection Vulnerability in FastGPT by Labring
CVE-2026-50562

9.3CRITICAL

Key Information:

Vendor

Labring

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-50562?

FastGPT, a knowledge-based AI application platform, has a vulnerability that allows attacker-controlled Docker images to be deployed via untrusted pull request artifacts. In specific workflows, privileged jobs can download these artifacts, enabling potential exploitation with access to sensitive secrets. This issue affects the integrity and confidentiality of the deployment process and requires immediate attention to secure the environment.

Affected Version(s)

FastGPT <= 22ebfacbb43311e9b73294040ae0eb87390c6bba

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.