CVE-2026-4505 in DB-GPT

Summary

by MITRE • 03/20/2026

A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.


Analysis

by VulDB Data Team • 03/27/2026

The vulnerability identified as CVE-2026-4505 represents a critical security flaw in the eosphoros-ai DB-GPT platform version 0.7.5 and earlier. This issue resides within the function module_plugin.refresh_plugins located in the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py of the FastAPI endpoint component. The flaw enables unrestricted file upload capabilities that can be exploited remotely by attackers. The vulnerability stems from inadequate input validation and sanitization mechanisms within the plugin refresh functionality, allowing malicious actors to upload arbitrary files to the system without proper authorization or restrictions. This represents a significant security risk as it bypasses normal file upload restrictions and validation controls that should normally prevent the deployment of potentially harmful content. The vulnerability has been publicly disclosed and is actively being used by threat actors, indicating that it has progressed beyond the initial discovery phase and poses an immediate threat to affected systems. The lack of vendor response to early disclosure attempts further compounds the risk, leaving organizations with no official patch or mitigation guidance from the software vendor. The FastAPI framework component is particularly vulnerable due to its handling of dynamic plugin loading and refresh operations, where the system fails to properly validate the file types and content being uploaded during the plugin refresh process.

The technical exploitation of this vulnerability occurs through the FastAPI endpoint's plugin management system, specifically targeting the refresh_plugins function, which is designed to update and reload available plugins. Attackers can leverage this flaw to upload malicious files such as web shells, malicious scripts, or other harmful payloads that can be executed within the application's runtime environment. The unrestricted upload capability creates a pathway for persistent threats to establish footholds within the system, potentially leading to full system compromise. This vulnerability aligns with CWE-434 (Unrestricted Upload of File with Dangerous Type) and represents a direct violation of secure coding practices for file handling operations. The flaw operates at the application layer and can be exploited through network-based attacks without requiring local system access, making it particularly dangerous for remote attackers. The vulnerability's impact is amplified by the fact that it affects a core component of the platform's agent hub functionality, which typically handles critical operational tasks within the AI system.

The operational impact of this vulnerability extends beyond simple unauthorized file uploads to encompass potential system compromise, data exfiltration, and service disruption. Organizations utilizing eosphoros-ai DB-GPT versions 0.7.5 and earlier face significant risks including unauthorized access to sensitive data, potential lateral movement within network environments, and establishment of persistent backdoors. The vulnerability's remote exploitability means that attackers can target systems from anywhere on the internet without requiring physical access or prior authentication. This creates a substantial risk for organizations that have exposed the FastAPI endpoint to external networks or have not properly secured the plugin management interfaces. The disclosure of the exploit and its active use in the wild indicates that threat actors are actively targeting systems with this vulnerability, making immediate remediation essential. The lack of vendor response compounds the operational risk, as organizations cannot rely on official patches or security advisories from the software vendor.

Organizations affected by CVE-2026-4505 should implement immediate mitigations, including network segmentation to restrict access to the FastAPI endpoints, strict file type validation and content scanning for plugin uploads, and web application firewalls to detect and block malicious upload attempts. The recommended approach involves disabling or restricting the plugin refresh functionality until proper security controls can be implemented, followed by thorough code review and input validation improvements. Security teams should monitor network traffic for suspicious file upload patterns and implement logging mechanisms to track plugin management activities. Additionally, organizations should consider applying the principle of least privilege to plugin management operations and establish regular security audits of the FastAPI endpoint configurations. The vulnerability demonstrates the importance of proper input validation and secure file handling practices as outlined in the OWASP Top Ten and the MITRE ATT&CK framework's techniques for privilege escalation and persistence. Organizations should also consider implementing automated security scanning tools to identify similar vulnerabilities in other components of their software ecosystem and establish incident response procedures specifically tailored to handle such unrestricted upload scenarios.
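The file type validation recommended above, as an added example (not DB-GPT's code and not a vendor fix): a standard-library check an upload handler could run before storing a plugin archive. It assumes plugins arrive as ZIP archives; the limits, the suffix allow-list and all names are illustrative assumptions, and the check complements rather than replaces authentication on the endpoint.

```python
import io
import os
import re
import zipfile

# All limits and names below are assumptions chosen for illustration.
MAX_ARCHIVE_BYTES = 5 * 1024 * 1024       # cap on the uploaded file itself
MAX_UNPACKED_BYTES = 20 * 1024 * 1024     # cap on declared unpacked size
ALLOWED_SUFFIXES = {".py", ".json", ".md", ".txt"}
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.zip")


class RejectedUpload(ValueError):
    """Raised when an uploaded plugin archive fails validation."""


def validate_plugin_archive(client_filename: str, data: bytes) -> list[str]:
    """Return the file members of an acceptable archive, else raise."""
    # The client-supplied name must be a bare allow-listed name: no
    # directories, no extra dots, no NUL bytes, nothing but ".zip".
    if not SAFE_NAME.fullmatch(client_filename):
        raise RejectedUpload(f"filename not allowed: {client_filename!r}")
    if len(data) > MAX_ARCHIVE_BYTES:
        raise RejectedUpload("archive too large")
    # Decide by content, not by extension or Content-Type header.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise RejectedUpload("content is not a ZIP archive")

    total, members = 0, []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = info.filename.replace("\\", "/")
            parts = path.split("/")
            # Refuse absolute paths, drive letters and parent references
            # so extraction cannot write outside the plugin directory.
            if path.startswith("/") or ":" in path or ".." in parts:
                raise RejectedUpload(f"unsafe member path: {info.filename!r}")
            if info.is_dir():
                continue
            if os.path.splitext(path)[1].lower() not in ALLOWED_SUFFIXES:
                raise RejectedUpload(f"member type not allowed: {path!r}")
            total += info.file_size
            if total > MAX_UNPACKED_BYTES:
                raise RejectedUpload("unpacked size exceeds limit")
            members.append(path)
    return members
```

Store an accepted archive under a server-generated name outside any web-served directory, and log every rejection together with the caller's identity.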

Responsible: VulDB
Disclosure: 03/20/2026
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.00050
KEV: no
Activities: very low
