Jinyimeng01

**Name of the Vulnerable Software and Affected Versions** FastGPT versions 4.14.10 through 4.14.12 **Description** The agent-sandbox component allows unauthenticated Remote Code Execution (RCE), which is the ability to execute arbitrary commands on a remote machine. The startup script `entrypoint.sh` initializes code-server with the `--auth none` flag and binds the service to all network interfaces at '0.0.0.0:8080'. This configuration enables any user with network access to the port to bypass authentication and gain full control over the sandbox environment. **Recommendations** Update to version 4.14.13.

**Name of the Vulnerable Software and Affected Versions** FastGPT versions prior to 4.14.13 **Description** The code-sandbox component in the AI Agent building platform has insufficient resource isolation and uncontrolled resource consumption. The service uses an application-level soft limit with a 500ms polling interval for memory management but lacks OS-level constraints like cgroups (control groups that limit, account for, and isolate resource usage) or kernel-level namespaces. This allows attackers to bypass memory checks using time-window attacks or exhaust the JavaScript worker pool through concurrent CPU-intensive requests, leading to a Denial of Service (DoS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.