CVE-2026-44287 | labring FastGPT up to 4.15.0-beta0 worker.ts child_process code injection (GHSA-f5mq-qxm4-5mvc)

A vulnerability was found in labring FastGPT up to 4.15.0-beta0. It has been rated as critical. This vulnerability affects unknown code of the file projects/code-sandbox/src/pool/worker.ts. This manipulation of the argument child_process causes code injection.

This vulnerability is handled as CVE-2026-44287. The attack can be initiated remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More