PT-2026-7419 · Fastgpt · Fastgpt

Jingfelix · Published 2026-02-10 · Updated 2026-02-10 · CVE-2026-26003

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

Name of the Vulnerable Software and Affected Versions

FastGPT versions 4.14.0 through 4.14.5

Description

FastGPT, an AI Agent building platform, has an issue where the plugin system can be accessed directly through the API endpoint /api/plugin/xxx without authentication. This affects versions 4.14.0 to 4.14.5 and could lead to the plugin system crashing and the loss of plugin installation status. Older versions are considered to have a negligible impact as they only offer information-gathering interfaces. The issue does not result in key leakage.

Recommendations

Versions prior to 4.14.5-fix are affected.

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2026-26003
GHSA-WCRG-G824-9GFG

Affected Products

Fastgpt