Information Disclosure Vulnerability in FastGPT AI Application Platform
CVE-2026-54602
7.1HIGH
What is CVE-2026-54602?
FastGPT, a knowledge-based AI application platform, contains an information disclosure vulnerability that affects versions prior to 4.15.0. This vulnerability occurs when authenticated users can access LLM request and response traces simply by knowing the requestId. The malfunction lies in the API endpoint GET /api/core/ai/record/getRecord, which does not enforce team scoping when returning sensitive data, allowing users to read prompts and retrieved RAG chunks from other teams. This security flaw has been addressed in version 4.15.0, where proper scoping measures have been implemented to prevent unauthorized data access.
Affected Version(s)
FastGPT < 4.15.0
