CVE-2026-33075

HIGH

FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

Title source: cna

Description

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull_request_target (which runs with access to repository secrets) but checks out code from the pull request author's fork, then builds and pushes Docker images using attacker-controlled Dockerfiles. This also enables a supply chain attack via the production container registry. A patch was not available at the time of publication.

References (1)

Core 1

Core References

X_Refsource_Confirm x_refsource_confirm

https://github.com/labring/FastGPT/security/advisories/GHSA-xfx8-w35j-485c

Scores

CVSS v3 8.8

EPSS 0.0030

EPSS Percentile 21.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-829 CWE-494

Status published

Products (2)

fastgpt/fastgpt < 4.14.8.3

labring/FastGPT <= 4.14.8.3

Published Mar 20, 2026

Tracked Since Mar 20, 2026