CVE-2026-42302 – FastGPT

CVSS 9.8 CRITICAL

“An open port with no authentication is an open door to full system control.”

This patch addresses a critical remote code execution vulnerability in FastGPT affecting versions 4.14.10 through 4.14.12. The issue stems from a misconfigured code-server instance in the agent-sandbox component, which is exposed without authentication and bound to all network interfaces. This allows any remote attacker to access the service and execute arbitrary code.

CVE-2026-42302 has a CVSS score of 9.8 (Critical). Proof-of-concept exploitation has been confirmed, significantly increasing the risk of real-world attacks. The vulnerability enables complete compromise of the sandbox environment and potentially the underlying system.
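
The misconfiguration described above (no authentication combined with a listener on all interfaces) can be checked for before a sandbox image is deployed. The audit below is an added example, not FastGPT's or this advisory's own code; it assumes the instance is configured through code-server's standard `--bind-addr`/`--auth` flags or `config.yaml` keys, and the sample config is constructed.

```python
# Added example: audit a code-server launch for the CWE-306 pattern described above.
# Assumption: settings come from code-server's standard --bind-addr/--auth flags
# or config.yaml keys; FastGPT's real agent-sandbox files are not shown on the page.

DEFAULTS = {"bind-addr": "127.0.0.1:8080", "auth": "password"}  # code-server defaults
WILDCARD_HOSTS = {"0.0.0.0", "::", "[::]"}

def parse_config(text):
    """Read flat `key: value` pairs from a code-server config.yaml."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings

def parse_argv(argv):
    """Read --bind-addr / --auth given as `--flag value` or `--flag=value`."""
    settings = {}
    for i, arg in enumerate(argv):
        name, eq, value = arg.partition("=")
        if name in ("--bind-addr", "--auth"):
            if not eq and i + 1 < len(argv):
                value = argv[i + 1]
            settings[name[2:]] = value
    return settings

def audit(argv=(), config_text=""):
    """Return findings; command-line flags override the config file."""
    eff = {**DEFAULTS, **parse_config(config_text), **parse_argv(list(argv))}
    host = eff["bind-addr"].rsplit(":", 1)[0]
    exposed = host in WILDCARD_HOSTS
    unauthenticated = eff["auth"].lower() == "none"
    findings = []
    if exposed and unauthenticated:
        findings.append("CRITICAL: no authentication on an all-interfaces listener")
    elif unauthenticated:
        findings.append("WARN: auth disabled; safe only while bound to loopback")
    elif exposed:
        findings.append("INFO: listening on all interfaces with auth enabled")
    return findings

# Constructed sample input (not taken from FastGPT).
SAMPLE_CONFIG = "bind-addr: 0.0.0.0:8080\nauth: none\ncert: false\n"
```

Calling `audit(config_text=SAMPLE_CONFIG)` returns the CRITICAL finding; an empty list means the effective settings are loopback-bound with authentication enabled.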

Key Details

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-306