Description
FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13.
Published: 2026-05-08
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is in the agent-sandbox component of FastGPT: its startup script (entrypoint.sh) launches code-server with authentication disabled (--auth none) and binds it to all network interfaces (0.0.0.0:8080). There is no authentication to bypass; anyone who can reach the port gets the full code-server web IDE, including its integrated terminal, and with it arbitrary code execution and complete control of the sandbox environment. The weakness is classified as CWE-306 (Missing Authentication for Critical Function).

Affected Systems

FastGPT versions from 4.14.10 up to, but excluding, 4.14.13 are affected; the vulnerable piece is the agent-sandbox component's entrypoint.sh. The only vendor/product pair listed for this CVE is labring:FastGPT.

Risk and Exploitability

The CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) is critical: reachable over the network, no privileges or user interaction required, and full confidentiality, integrity and availability impact. The EPSS score is currently below 1% and the CVE is not on the KEV list, but both reflect the absence of observed exploitation rather than any difficulty in exploiting it; an unauthenticated code-server instance needs no exploit beyond reaching the port. The practical question for defenders is therefore exposure: whether port 8080 of the sandbox is reachable from anywhere beyond the FastGPT components that need it.

Generated by OpenCVE AI on May 8, 2026 at 23:26 UTC.

Remediation

The vendor fix is FastGPT 4.14.13 (see the description above). No separate vendor workaround is listed on this page.

OpenCVE Recommended Actions

  • Upgrade FastGPT to version 4.14.13 or later, which removes the unauthenticated code-server configuration.
  • If an upgrade is not immediately possible, make port 8080 of the sandbox unreachable from untrusted networks: do not publish it from the container, restrict it with a firewall, or place it behind a reverse proxy that enforces authentication.
  • Verify the running configuration, not only the source: confirm that code-server is started with authentication enabled (--auth password with a password set, not --auth none) and that it listens on a loopback or internal address rather than 0.0.0.0.
  • If the port was reachable from an untrusted network while the vulnerable version was deployed, treat the sandbox as possibly accessed: review it, and any credentials or tokens available inside it, before trusting it again.
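The checks above can be scripted. The following POSIX shell is an added example and is not FastGPT's or code-server's own code: it audits a code-server launch line for the two conditions this advisory describes (authentication disabled, bound to every interface), prints the corrected launch line, and scans `ss -ltnp`-style output for wildcard listeners. The option names --auth, --bind-addr and --host are real code-server options; the sample launch lines and the socket listing are constructed for this example and are not copied from entrypoint.sh or from any real host.

```shell
#!/bin/sh
# Added example (not FastGPT's or code-server's own code). Audits a code-server
# launch line and an `ss -ltnp` listing for the two conditions in the advisory:
#   1. authentication disabled (--auth none)
#   2. listening on every interface (--bind-addr 0.0.0.0:PORT or --host 0.0.0.0)

# Constructed sample launch lines (assumed shape; not the real entrypoint.sh).
WEAK_LAUNCH='code-server --bind-addr 0.0.0.0:8080 --auth none /workspace'
FIXED_LAUNCH='code-server --bind-addr 127.0.0.1:8080 --auth password /workspace'

# audit_code_server_launch LAUNCH_LINE
# Reports each weakness on stderr; returns 0 if none found, 1 otherwise.
audit_code_server_launch() {
    line=$1
    findings=0
    case "$line" in
        *"--auth none"*|*"--auth=none"*)
            echo "FINDING: authentication disabled (--auth none)" >&2
            findings=$((findings + 1)) ;;
    esac
    case "$line" in
        *"--bind-addr 0.0.0.0:"*|*"--bind-addr=0.0.0.0:"*|*"--host 0.0.0.0"*|*"--host=0.0.0.0"*)
            echo "FINDING: listening on all interfaces (0.0.0.0)" >&2
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# harden_launch_line LAUNCH_LINE
# Prints the same line with password authentication and a loopback bind address.
# With --auth password, code-server takes the password from PASSWORD /
# HASHED_PASSWORD or its config.yaml; set one deliberately before restarting.
harden_launch_line() {
    printf '%s\n' "$1" | sed \
        -e 's/--auth none/--auth password/' \
        -e 's/--auth=none/--auth=password/' \
        -e 's/0\.0\.0\.0:/127.0.0.1:/g'
}

# Constructed sample of `ss -ltnp` output (code-server runs as a node process).
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511    0.0.0.0:8080       0.0.0.0:*         users:(("node",pid=1234,fd=20))
LISTEN 0      128    127.0.0.1:3000     0.0.0.0:*         users:(("node",pid=1235,fd=18))'

# wildcard_listeners SS_OUTPUT
# Prints listeners bound to 0.0.0.0, * or [::] (column 4 of ss output, header
# skipped). Returns 0 if any were found and 1 if none, grep-style, so it can
# drive a pass/fail check such as a container healthcheck.
wildcard_listeners() {
    printf '%s\n' "$1" | awk '
        NR > 1 && $4 ~ /^(0\.0\.0\.0|\*|\[::\]):/ { print; n++ }
        END { if (n > 0) exit 0; exit 1 }'
}

# Demo run over the constructed samples.
for launch in "$WEAK_LAUNCH" "$FIXED_LAUNCH"; do
    if audit_code_server_launch "$launch"; then
        echo "OK:      $launch"
    else
        echo "EXPOSED: $launch"
        echo "FIXED:   $(harden_launch_line "$launch")"
    fi
done
echo "Wildcard listeners in sample ss output:"
wildcard_listeners "$SAMPLE_SS_OUTPUT" || echo "(none)"
```

On a live host, feed `wildcard_listeners "$(ss -ltnp)"` and audit the actual command line from `ps -o args= -C node` (or the container's entrypoint) rather than the constructed samples. Binding to 127.0.0.1 only helps if the sandbox is also not published from the container with a host port mapping; check that separately.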

Advisories

No advisories yet.

History

Fri, 08 May 2026 23:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Labring
                                      Labring fastgpt
Vendors & Products                    Labring
                                      Labring fastgpt

Fri, 08 May 2026 22:30:00 +0000

Type         Values Removed   Values Added
Description                   FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13.
Title                         FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox
Weaknesses                    CWE-306
References
Metrics                       cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T22:05:49.460Z

Reserved: 2026-04-26T12:13:55.552Z

Link: CVE-2026-42302

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T23:16:36.640

Modified: 2026-05-08T23:16:36.640

Link: CVE-2026-42302

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T23:30:15Z

Weaknesses