A vulnerability described as critical has been identified in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py of the component FastAPI Endpoint. Manipulation of this endpoint leads to an unrestricted file upload.
This vulnerability is referenced as CVE-2026-4505. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.