{"data":{"id":"e3957cb2-3807-4c71-9869-f3b437033a0c","title":"CVE-2026-26003: FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through","summary":"FastGPT (an AI platform for building AI agents) versions 4.14.0 to 4.14.5 have a vulnerability where attackers can access the plugin system without authentication by directly calling certain API endpoints, potentially crashing the plugin system and causing users to lose their plugin installation data, though not exposing sensitive keys. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 6.9, which is considered medium severity.","solution":"This vulnerability is fixed in version 4.14.5-fix. Users should upgrade to this patched version.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-26003","publishedAt":"2026-02-10T18:16:39.107Z","cveId":"CVE-2026-26003","cweIds":["CWE-601"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["FastGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00078,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}