CVE-2026-26003 is an open redirect vulnerability (CWE-601) affecting labring's FastGPT platform, specifically versions from 4.14.0 up to but not including 4.14.5-fix. FastGPT is an AI Agent building platform that includes a plugin system accessible via API endpoints. The vulnerability allows unauthenticated attackers to access the plugin system API at FastGPT/api/plugin/xxx directly. This unauthorized access can cause the plugin system to crash, resulting in loss of plugin installation status, which may disrupt platform functionality. However, the vulnerability does not expose sensitive keys or credentials, limiting the confidentiality impact. Older versions prior to 4.14.0 expose only information retrieval interfaces, making the impact negligible. The vulnerability is exploitable remotely without authentication or user interaction, with low attack complexity. The CVSS 4.0 vector indicates network attack vector (AV:N), no privileges required (PR:N), no user interaction (UI:N), and limited scope (S:L), resulting in a medium severity score of 6.9. The issue was published on February 10, 2026, and no known exploits have been reported in the wild. The vendor fixed the vulnerability in version 4.14.5-fix. The root cause is an open redirect flaw that allows redirection to untrusted sites, which can be leveraged to cause denial of service by crashing the plugin system or potentially facilitate phishing or other social engineering attacks by redirecting users to malicious sites.

For European organizations using FastGPT versions between 4.14.0 and 4.14.5-fix, this vulnerability could disrupt AI agent operations by crashing the plugin system and causing loss of plugin installation status, potentially impacting business processes relying on these AI agents. Although no direct data leakage or key compromise occurs, the denial of service effect could degrade service availability and reliability. Organizations integrating FastGPT into critical workflows may experience operational interruptions. Additionally, the open redirect aspect could be abused in phishing campaigns targeting employees or partners, increasing the risk of social engineering attacks. The impact is more significant for organizations with heavy reliance on AI automation and plugin extensibility. However, since exploitation requires no authentication and no user interaction, the attack surface is broad, increasing the likelihood of opportunistic attacks. The absence of known exploits reduces immediate risk but does not eliminate it, especially as attackers may develop exploits over time.

European organizations should immediately upgrade FastGPT to version 4.14.5-fix or later to remediate this vulnerability. Until patching is complete, network-level controls such as web application firewalls (WAFs) should be configured to restrict access to the FastGPT/api/plugin/ endpoints, allowing only trusted IP addresses or internal network segments. Monitoring and alerting should be enhanced for unusual API access patterns or plugin system crashes. Organizations should review plugin usage and backup plugin installation states regularly to enable rapid recovery if crashes occur. Security teams should educate users about phishing risks related to open redirects and implement email filtering to detect malicious URLs. Additionally, organizations should conduct penetration testing focused on API endpoints to identify similar vulnerabilities. Vendor communication channels should be monitored for further updates or patches. Finally, consider isolating FastGPT instances in segmented network zones to limit exposure.