OpenAPI Schema Importer Vulnerability in FastGPT AI Application Platform
CVE-2026-54607

7.7HIGH

Key Information:

Vendor

Labring

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-54607?

FastGPT, an AI application platform, is affected by a vulnerability in its HTTP-tool OpenAPI schema importer. Before version 4.15.0-beta4, the importer only validates the top-level URL. Consequently, when this URL is processed by the SwaggerParser.bundle's remote reference resolver, it fetches references without adequate internal-address protection. This flaw allows an authenticated user to access internal services and potentially expose cloud metadata. The issue has been remediated in version 4.15.0-beta4.

Affected Version(s)

FastGPT < 4.15.0-beta4

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.