{"data":{"id":"951cc56e-1e99-46ed-a1ff-16f243acb287","title":"CVE-2026-42302: FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of","summary":"FastGPT versions 4.14.10 through 4.14.12 have a critical vulnerability in their agent-sandbox component that allows unauthenticated Remote Code Execution (RCE, where attackers can run commands on a system they don't own). The startup script runs code-server (a web-based code editor) with authentication disabled and opens it to all network interfaces, meaning anyone who can reach the server's port 8080 can take complete control of the sandbox environment.","solution":"Update to FastGPT version 4.14.13 or later, as this issue has been patched in that version.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42302","publishedAt":"2026-05-08T23:16:36.640Z","cveId":"CVE-2026-42302","cweIds":["CWE-306"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["FastGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0.00327,"patchAvailable":null,"disclosureDate":"2026-05-08T23:16:36.640Z","capecIds":["CAPEC-115"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}