OpenAPI Schema Importer Vulnerability in FastGPT AI Application Platform
CVE-2026-54607
7.7HIGH
What is CVE-2026-54607?
FastGPT, an AI application platform, is affected by a vulnerability in its HTTP-tool OpenAPI schema importer. Before version 4.15.0-beta4, the importer only validates the top-level URL. Consequently, when this URL is processed by the SwaggerParser.bundle's remote reference resolver, it fetches references without adequate internal-address protection. This flaw allows an authenticated user to access internal services and potentially expose cloud metadata. The issue has been remediated in version 4.15.0-beta4.
Affected Version(s)
FastGPT < 4.15.0-beta4
