CVE-2026-42343: FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insuffi
Summary
FastGPT, a platform for building AI agents, has a vulnerability in versions 4.14.13 and earlier where its code-sandbox component (a container that safely runs code in isolation) lacks proper resource limits. Attackers can exploit this by sending requests that consume excessive memory or CPU, bypassing the weak 500ms polling interval check and causing the service to crash for legitimate users (a Denial of Service attack). The vulnerability exists because the system relies only on software-level checks instead of operating system-level safeguards like cgroups (Linux tools that restrict resource usage).
Vulnerability Details
EPSS: 0.0%
May 8, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-42343
First tracked: May 9, 2026 at 02:12 AM
Classified by LLM (prompt v3) · confidence: 95%