PT-2026-39205 · Fastgpt · Fastgpt

Jinyimeng01 · Published 2026-05-08 · Updated 2026-06-17 · CVE-2026-42302

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FastGPT versions 4.14.10 through 4.14.12

Description: The agent-sandbox component allows unauthenticated Remote Code Execution (RCE), which is the ability to execute arbitrary commands on a remote machine. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces at '0.0.0.0:8080'. This configuration enables any user with network access to the port to bypass authentication and gain full control over the sandbox environment.

Recommendations: Update to version 4.14.13.
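
A check that can be run over container startup scripts for the condition described above, as an added example that is not FastGPT's code. The sample scripts are constructed (the real entrypoint.sh is not shown on this page), `--bind-addr` is assumed to be the option that sets the listen address, and the function names and exit codes are this example's own.

```sh
#!/bin/sh
# Added example (not FastGPT code): flag a startup script that launches
# code-server with authentication disabled on a wildcard listen address.

# Exit status: 0 = no unauthenticated code-server, 1 = unauthenticated and
# bound to all interfaces (the advisory's condition), 2 = unauthenticated only.
audit_entrypoint() {
    # Join backslash-continued lines, blank out full-line comments, then keep
    # only lines that invoke code-server.
    cmds=$(sed -e :a -e '/\\$/N; s/\\\n/ /; ta' "$1" \
        | sed -e 's/^[[:space:]]*#.*$//' \
        | grep -E '(^|[[:space:]/])code-server([[:space:]]|$)' || true)
    noauth=$(printf '%s\n' "$cmds" | grep -E -e '--auth[[:space:]=]+none' || true)
    if [ -z "$noauth" ]; then
        echo "OK: $1: no code-server invocation with --auth none"
        return 0
    fi
    if printf '%s\n' "$noauth" | grep -Eq '(0\.0\.0\.0|\[::\]):[0-9]+'; then
        echo "CRITICAL: $1: code-server --auth none on a wildcard address"
        return 1
    fi
    echo "WARN: $1: code-server --auth none (no wildcard bind found)"
    return 2
}

# Constructed sample scripts; the real entrypoint.sh is not shown on this page.
write_samples() {
    dir=$1
    cat > "$dir/exposed.sh" <<'EOF'
#!/bin/sh
exec code-server \
    --bind-addr 0.0.0.0:8080 \
    --auth none /workspace
EOF
    cat > "$dir/hardened.sh" <<'EOF'
#!/bin/sh
# code-server --auth none --bind-addr 0.0.0.0:8080  (old, disabled)
exec code-server --bind-addr 127.0.0.1:8080 --auth password /workspace
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_entrypoint "$tmp/exposed.sh" || true
audit_entrypoint "$tmp/hardened.sh" || true
rm -rf "$tmp"
```

The check is a static heuristic over the script text; a listen address supplied through an environment variable or a config file will not be seen by it.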

Exploit · Fix · RCE · Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-42302

Affected Products

Fastgpt