Skip to main content

Fastgpt CVE-2026-42302

CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-05-08 GitHub_M
9.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 08, 2026 - 22:05 nvd
CRITICAL 9.8

DescriptionGitHub Advisory

FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13.

Analysis

FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13.

CVE-2025-52552 MEDIUM POC
6.1 Jun 21

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable t

CVE-2026-34162 CRITICAL
10.0 Mar 31

Unauthenticated HTTP proxy abuse in FastGPT (AI Agent platform) prior to v4.14.9.5 allows remote attackers to relay arbi

CVE-2026-40351 CRITICAL
9.8 Apr 17

NoSQL injection in FastGPT <4.14.9.5 password authentication allows unauthenticated remote attackers to bypass login con

CVE-2026-50562 CRITICAL
9.3 Jul 15

GitHub Actions artifact-poisoning (pwn request) in labring/FastGPT allows an external attacker who opens a pull request

CVE-2026-40352 HIGH
8.8 Apr 17

NoSQL injection in FastGPT versions before 4.14.9.5 allows authenticated attackers to bypass password verification on th

CVE-2026-61684 HIGH
8.8 Jul 15

Authentication bypass in FastGPT 4.15.0-beta4 lets unauthenticated remote attackers forge JWTs and access internal plugi

CVE-2026-55418 HIGH
8.6 Jul 07

Cross-tenant file disclosure in FastGPT prior to v4.15.0-beta5 allows an attacker to read another team's stored files by

CVE-2026-54607 HIGH
7.7 Jul 07

Server-side request forgery in FastGPT before 4.15.0-beta4 lets an authenticated team member abuse the HTTP-tool OpenAPI

CVE-2026-44285 HIGH
7.7 May 29

Server-Side Request Forgery in Labring FastGPT prior to 4.15.0-beta1 lets an authenticated attacker bypass the platform'

CVE-2026-42345 HIGH
7.7 May 08

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packa

CVE-2026-61644 HIGH
7.7 Jul 15

Cross-tenant data disclosure in FastGPT 4.14.17 through 4.15.0-beta5 lets a low-privileged tenant user read another tena

CVE-2026-54602 HIGH
7.1 Jul 07

Broken object-level authorization in FastGPT before 4.15.0 lets any authenticated user retrieve another team's LLM inter

Share

CVE-2026-42302 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy