CVE-2026-55418 - FastGPT: S3 presign/read handlers do not bind the object key to the caller's team (cross-team file disclosure)
CVE ID :CVE-2026-55418 Published : July 7, 2026, 10:16 p.m. | 58 minutes ago Description :FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from...