{"data":{"id":"c93fba65-a5a0-46ad-a656-63411ad8eb71","title":"CVE-2026-42343: FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insuffi","summary":"FastGPT, a platform for building AI agents, has a vulnerability in versions 4.14.13 and earlier where its code-sandbox component (a container that safely runs code in isolation) lacks proper resource limits. Attackers can exploit this by sending requests that consume excessive memory or CPU, bypassing the weak 500ms polling interval check and causing the service to crash for legitimate users (a Denial of Service attack). The vulnerability exists because the system relies only on software-level checks instead of operating system-level safeguards like cgroups (Linux tools that restrict resource usage).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42343","publishedAt":"2026-05-08T23:16:37.050Z","cveId":"CVE-2026-42343","cweIds":["CWE-400"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["FastGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00042,"patchAvailable":null,"disclosureDate":"2026-05-08T23:16:37.050Z","capecIds":["CAPEC-125","CAPEC-130"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}