Fastgpt
CVE-2026-42302
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionGitHub Advisory
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13.
Analysis
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13.
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable t
Unauthenticated HTTP proxy abuse in FastGPT (AI Agent platform) prior to v4.14.9.5 allows remote attackers to relay arbi
NoSQL injection in FastGPT <4.14.9.5 password authentication allows unauthenticated remote attackers to bypass login con
GitHub Actions artifact-poisoning (pwn request) in labring/FastGPT allows an external attacker who opens a pull request
NoSQL injection in FastGPT versions before 4.14.9.5 allows authenticated attackers to bypass password verification on th
Authentication bypass in FastGPT 4.15.0-beta4 lets unauthenticated remote attackers forge JWTs and access internal plugi
Cross-tenant file disclosure in FastGPT prior to v4.15.0-beta5 allows an attacker to read another team's stored files by
Server-side request forgery in FastGPT before 4.15.0-beta4 lets an authenticated team member abuse the HTTP-tool OpenAPI
Server-Side Request Forgery in Labring FastGPT prior to 4.15.0-beta1 lets an authenticated attacker bypass the platform'
FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packa
Cross-tenant data disclosure in FastGPT 4.14.17 through 4.15.0-beta5 lets a low-privileged tenant user read another tena
Broken object-level authorization in FastGPT before 4.15.0 lets any authenticated user retrieve another team's LLM inter
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today