9.8
CVE-2026-42302: FastGPT versions 4.14.10 to 4.14.12: Unauthenticated access to AI Agent
CVE-2026-42302
Summary
FastGPT, an AI Agent building platform, has a security issue in versions 4.14.10 to 4.14.12. The agent-sandbox component starts its code-server service without authentication, so anyone with network access to the port can take control of the sandbox environment without needing a password. To fix this, update to version 4.14.13 or later.
Original description
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13.
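A defender-side check for the configuration described above, added here as an example and not taken from FastGPT or its entrypoint.sh: it scans a startup script for code-server launches and flags those that combine `--auth none` with a non-loopback listener. The function names and the sample script are constructed; `--bind-addr` and the password/loopback defaults are code-server's own options as assumed here, since the page only states the resulting 0.0.0.0:8080 binding.

```shell
#!/bin/sh
# Added example (not FastGPT's code): flag code-server launches that disable
# authentication, and mark them EXPOSED when the listener is not loopback-only.
# classify_line LINE -> prints SKIP | OK | LOCAL-NOAUTH | EXPOSED
classify_line() (
  # Assumed code-server defaults: password auth, loopback bind address.
  auth=password bind=127.0.0.1:8080 seen=0 prev=
  set -f                                   # no globbing while word-splitting
  for tok in $1; do
    case $tok in
      \#*) break ;;                        # rest of the line is a comment
      code-server|*/code-server) seen=1 ;;
      --auth=*)      auth=${tok#*=} ;;
      --bind-addr=*) bind=${tok#*=} ;;
      *) case $prev in                     # "--flag value" form
           --auth)      auth=$tok ;;
           --bind-addr) bind=$tok ;;
         esac ;;
    esac
    prev=$tok
  done
  [ "$seen" -eq 1 ] || { echo SKIP; exit 0; }
  [ "$auth" = none ] || { echo OK; exit 0; }
  case ${bind%:*} in                       # host part of host:port
    127.*|localhost|'[::1]') echo LOCAL-NOAUTH ;;
    *) echo EXPOSED ;;
  esac
)

# audit_startup_script FILE -> prints one verdict per code-server command and
# returns 1 if any is EXPOSED. `read` without -r joins backslash-continued lines.
audit_startup_script() {
  rc=0
  while IFS= read line || [ -n "$line" ]; do
    verdict=$(classify_line "$line")
    case $verdict in
      SKIP) continue ;;
      EXPOSED) rc=1 ;;
    esac
    echo "$verdict: $line"
  done < "$1"
  return $rc
}

# Constructed sample startup script (not the project's entrypoint.sh).
sample=$(mktemp)
printf '%s\n' '#!/bin/sh' 'exec code-server \' '  --auth none \' '  --bind-addr 0.0.0.0:8080 /workspace' > "$sample"
audit_startup_script "$sample" || echo "FAIL: unauthenticated code-server reachable off-host"
rm -f "$sample"
```

The check is static and literal: flag values supplied through shell variables or a code-server config file are not resolved, so an OK verdict on such a line still needs a manual look.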
nvd CVSS3.1
9.8
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 8 May 2026 · Updated: 28 May 2026 · First seen: 8 May 2026