CVE-2026-33075

FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

Assigner: GitHub_M
Reserved: 17.03.2026 Published: 20.03.2026 Updated: 20.03.2026

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull_request_target (which runs with access to repository secrets) but checks out code from the pull request author's fork, then builds and pushes Docker images using attacker-controlled Dockerfiles. This also enables a supply chain attack via the production container registry. A patch was not available at the time of publication.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 9.4

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	High	Availability	High
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	labring
Product	FastGPT
Versions	Version <= 4.14.8.3 is affected

Vendor

labring

Product

FastGPT

Versions

Version <= 4.14.8.3 is affected

References

Problem Types

CWE-494: Download of Code Without Integrity Check CWE
CWE-829: Inclusion of Functionality from Untrusted Control Sphere CWE

CVE-2026-33075 PUBLISHED

FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

Metrics

Product Status

References

Problem Types