CVE-2026-42302: FastGPT Agent Sandbox RCE
The National Vulnerability Database (NVD) reports a critical Remote Code Execution (RCE) vulnerability, CVE-2026-42302, affecting FastGPT, an AI Agent building platform. Specifically, FastGPT versions 4.14.10 through 4.14.12 are impacted. The flaw resides in the agent-sandbox component.
According to NVD, the entrypoint.sh startup script incorrectly initializes code-server with --auth none and binds it to 0.0.0.0:8080. This misconfiguration allows any attacker with network access to the port to bypass authentication entirely and gain full control over the sandbox environment. This isn’t some theoretical bypass; it’s a wide-open door.
This vulnerability carries a CVSSv3.1 score of 9.8 (CRITICAL), highlighting its severity. FastGPT has addressed this issue in version 4.14.13. Organizations leveraging FastGPT need to prioritize this patch immediately, as unauthenticated RCE is the kind of vulnerability that attackers salivate over.
What This Means For You
- If your organization uses FastGPT, particularly versions 4.14.10 to 4.14.12, you are directly exposed to unauthenticated Remote Code Execution. Your AI agent sandbox is effectively a public server. Patch to version 4.14.13 immediately. Verify network segmentation to restrict access to FastGPT's `agent-sandbox` component to only necessary internal systems.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-42302: FastGPT Agent Sandbox RCE via Unauthenticated Code-Server Access
title: CVE-2026-42302: FastGPT Agent Sandbox RCE via Unauthenticated Code-Server Access
id: scw-2026-05-08-ai-1
status: experimental
level: critical
description: |
Detects access to the FastGPT agent-sandbox component on port 8080, specifically targeting the code-server endpoint without authentication, which is the vulnerability exploited in CVE-2026-42302. This indicates an unauthenticated attempt to gain control over the sandbox environment.
author: SCW Feed Engine (AI-generated)
date: 2026-05-08
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-42302/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/agent-sandbox/'
cs-uri-query|contains:
- 'code-server'
dst_port:
- 8080
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-42302 | RCE | FastGPT versions 4.14.10 to 4.14.12 |
| CVE-2026-42302 | Auth Bypass | FastGPT agent-sandbox component |
| CVE-2026-42302 | Misconfiguration | code-server initialized with --auth none and bound to 0.0.0.0:8080 in entrypoint.sh |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 09, 2026 at 02:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-6667 — PgBouncer before 1.25.2 did not perform an appropriate
CVE-2026-6667 — PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console...
CVE-2026-6666 — A possible null pointer reference in PgBouncer before
CVE-2026-6666 — A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE...
PgBouncer SCRAM Vulnerability (CVE-2026-6665) Allows Stack Overflow
CVE-2026-6665 — The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM...