Description
FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixed dataset objects and downstream dataset, collection, and training endpoints then make authorization decisions from inconsistent ownership anchors, allowing cross-tenant read, update, and delete access when mixed object ids are known. This issue is fixed in version 4.15.0-beta4.
Published: 2026-07-07
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

FastGPT contains a flaw in the reTrainingCollection endpoint that allows an authenticated tenant user to override a server‑owned datasetId with a value from another tenant. The vulnerable code persists this mixed datasetId, causing downstream dataset, collection, and training services to base authorization on inconsistent ownership anchors. As a result, a malicious user can read, update, or delete data belonging to other tenants when object IDs are known. This weakness is classified as CWE‑915, a server‑side data fencing bypass.

Affected Systems

The vulnerability affects the FastGPT platform developed by labring. Versions from 4.14.17 up to, but not including, 4.15.0‑beta4 are impacted. The issue was addressed in release 4.15.0‑beta4 and later versions remain unaffected.

Risk and Exploitability

With a CVSS score of 6.3 the severity is moderate, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the documented API endpoint, which requires authentication but offers the ability to override tenant‑specific data identifiers. Exploitation requires knowledge of target tenant IDs and access to the API but does not rely on additional conditions beyond standard authentication.

Generated by OpenCVE AI on July 8, 2026 at 15:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to FastGPT version 4.15.0‑beta4 or later to apply the vendor fix.
  • Disable or restrict access to the /api/core/dataset/collection/create/reTrainingCollection endpoint for non‑administrative users as an interim safeguard.
  • Audit existing dataset collections for mixed datasetId entries and correct any cross‑tenant assignments before applying the upgrade.

Generated by OpenCVE AI on July 8, 2026 at 15:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 07 Jul 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Labring
Labring fastgpt
Vendors & Products Labring
Labring fastgpt

Tue, 07 Jul 2026 21:45:00 +0000

Type Values Removed Values Added
Description FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixed dataset objects and downstream dataset, collection, and training endpoints then make authorization decisions from inconsistent ownership anchors, allowing cross-tenant read, update, and delete access when mixed object ids are known. This issue is fixed in version 4.15.0-beta4.
Title FastGPT: reTrainingCollection allows server-owned datasetId override causing cross-tenant authorization confusion
Weaknesses CWE-915
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-08T13:53:13.863Z

Reserved: 2026-06-15T19:45:23.539Z

Link: CVE-2026-54601

cve-icon Vulnrichment

Updated: 2026-07-08T13:53:08.712Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T15:45:03Z

Weaknesses
  • CWE-915

    Improperly Controlled Modification of Dynamically-Determined Object Attributes