CVE-2026-42343

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.14.13

Description The code-sandbox component in the AI Agent building platform has insufficient resource isolation and uncontrolled resource consumption. The service uses an application-level soft limit with a 500ms polling interval for memory management but lacks OS-level constraints like cgroups (control groups that limit, account for, and isolate resource usage) or kernel-level namespaces. This allows attackers to bypass memory checks using time-window attacks or exhaust the JavaScript worker pool through concurrent CPU-intensive requests, leading to a Denial of Service (DoS).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.