CVE-2026-55418

Source
https://cve.org/CVERecord?id=CVE-2026-55418
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55418.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-55418
Aliases
  • GHSA-6rxv-p43w-mmx5
Published
2026-07-07T21:18:45.315Z
Modified
2026-07-11T03:54:16.188570320Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
Summary
FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)
Details

FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object keys are global within the bucket and carry the tenant id only as a path segment, an attacker can supply another team's key and obtain its file contents through the chat-file presign endpoint or dataset preview endpoint. This issue is fixed in version v4.15.0-beta5.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-639"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55418.json"
}
References

Affected packages

Git / github.com/labring/fastgpt

Affected ranges

Type
GIT
Repo
https://github.com/labring/fastgpt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.15.0-beta5"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

4.*
4.8.9-alpha
Other
delete
v0.*
v0.9
v1.*
v1.2
v1.4
v2.*
v2.0
v2.1
v2.2
v2.3
v2.4
v2.5
v2.6
v2.7
v2.7.1
v2.7.2
v2.8
v2.8.5
v2.9
v3.*
v3.0
v3.1
v3.2
v3.3
v3.4
v3.5
v3.7
v3.7.1
v3.7.3
v3.8
v3.8.1
v3.8.3
v3.8.4
v3.8.5
v3.8.6
v3.8.7
v3.8.8
v3.8.9
v3.9
v3.9.1
v3.9.2
v3.9.3
v3.9.4
v4.*
v4.0-beta
v4.10.0
v4.10.0-fix
v4.10.1
v4.10.1-alpha
v4.10.1-fix
v4.10.1-fix2
v4.10.1-fix3
v4.11.0
v4.11.1
v4.11.1-fix
v4.11.1-fix2
v4.11.1-fix3
v4.12.0
v4.12.1
v4.12.1-fix
v4.12.2
v4.12.2-fix
v4.12.2-fix2
v4.12.2-fix3
v4.12.3
v4.12.4
v4.13.0
v4.13.0-fix
v4.13.1
v4.13.2
v4.14.0
v4.14.0-fix
v4.14.1
v4.14.10.1
v4.14.10.2
v4.14.10.3
v4.14.10.4
v4.14.11
v4.14.12
v4.14.13
v4.14.2
v4.14.2-fix
v4.14.3
v4.14.4
v4.14.4-cve
v4.14.5-fix
v4.14.5.1
v4.14.6
v4.14.6.1
v4.14.7
v4.14.7.1
v4.14.7.2
v4.14.8
v4.14.8.1
v4.14.8.2
v4.14.8.3
v4.14.9
v4.14.9.1
v4.14.9.2
v4.14.9.3
v4.14.9.4
v4.14.9.5
v4.15.0-beta1
v4.15.0-beta2
v4.15.0-beta3
v4.15.0-beta4
v4.2
v4.2.1
v4.2.2
v4.3
v4.4.2
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5
v4.5.1
v4.5.2
v4.6
v4.6.1
v4.6.1-alpha
v4.6.2
v4.6.2-alpha
v4.6.3
v4.6.3-alpha
v4.6.4
v4.6.4-alpha
v4.6.5
v4.6.5-alpha
v4.6.5-alpha2
v4.6.6
v4.6.6-alpha
v4.6.6-alpha2
v4.6.7
v4.6.7-alpha
v4.6.7-fix
v4.6.8
v4.6.8-alpha
v4.6.9
v4.6.9-alpha
v4.6.9-alpha2
v4.7
v4.7-alpha
v4.7-alpha2
v4.7-alpha3
v4.7.1
v4.7.1-alpha
v4.7.1-alpha2
v4.7.1-alpha3
v4.7.1-fix
v4.7.1-fix2
v4.8
v4.8-alpha
v4.8-alpha2
v4.8-alpha3
v4.8-preview
v4.8-preview2
v4.8-preview3
v4.8-preview4
v4.8.1
v4.8.1-alpha
v4.8.10
v4.8.10-alpha
v4.8.10-alpha2
v4.8.10-fix
v4.8.10-fix2
v4.8.11
v4.8.11-alpha
v4.8.11-alpha2
v4.8.11-beta
v4.8.11-fix
v4.8.12
v4.8.12-alpha
v4.8.12-beta
v4.8.12-fix
v4.8.13
v4.8.13-fix
v4.8.14
v4.8.14-alpha
v4.8.14-fix
v4.8.14-milvus-fix
v4.8.15
v4.8.15-alpha
v4.8.15-alpha2
v4.8.15-alpha3
v4.8.15-fix
v4.8.15-fix-emb-page
v4.8.15-fix2
v4.8.15-fix3
v4.8.16
v4.8.16-alpha
v4.8.16-beta
v4.8.17
v4.8.17-alpha
v4.8.17-fix-title
v4.8.18
v4.8.18-fix
v4.8.18-fix2
v4.8.19
v4.8.19-beta
v4.8.2
v4.8.20-fix
v4.8.20-fix2
v4.8.21
v4.8.21-fix
v4.8.22
v4.8.22-alpha
v4.8.23
v4.8.23-alpha
v4.8.23-fix
v4.8.23-fix2
v4.8.3
v4.8.4
v4.8.4-alpha
v4.8.4-fix
v4.8.5
v4.8.5-alpha
v4.8.6
v4.8.6-alpha
v4.8.6-alpha2
v4.8.7
v4.8.7-alpha
v4.8.7-alpha2
v4.8.8
v4.8.8-alpha
v4.8.8-alpha2
v4.8.8-fix
v4.8.8-fix2
v4.8.9
v4.8.9-alpha
v4.8.9-test
v4.9.0
v4.9.0-fix
v4.9.0-fix2
v4.9.1-fix
v4.9.1-fix2
v4.9.10
v4.9.10-alpha
v4.9.10-fix
v4.9.10-fix2
v4.9.11
v4.9.11-alpha
v4.9.12
v4.9.12-alpha
v4.9.13
v4.9.14
v4.9.14-fix
v4.9.2
v4.9.3
v4.9.4
v4.9.5
v4.9.5-alpha
v4.9.6
v4.9.6-alpha
v4.9.7
v4.9.7-alpha
v4.9.7-fix
v4.9.7-fix2
v4.9.8
v4.9.8-alpha
v4.9.9
v4.9.9-alpha

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55418.json"