Home / Vulnerability Intelligence / CVE-2026-42302

CVE-2026-42302 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: May 8, 2026

FastGPT - Remote Code Execution

Published: May 8, 2026Updated: May 8, 2026Remote Exploitable

Overview

FastGPT 4.14.10 to <4.14.13 contains a remote code execution caused by insecure startup script configuration in agent-sandbox component, letting unauthenticated attackers with network access execute arbitrary code remotely.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Unauthenticated attackers can execute arbitrary code remotely, gaining full control over the sandbox environment.

Mitigation

Update to version 4.14.13 or later.

References

https://github.com/labring/FastGPT/releases/tag/v4.14.13
https://github.com/labring/FastGPT/security/advisories/GHSA-34rc-438g-7w78
https://github.com/labring/FastGPT/commit/9d1cafce9241430fb5bcdd646455055c5f4ae0a4
https://github.com/labring/FastGPT/pull/6781

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-42302
Severity: Critical
CVSS Score: 9.8
Type: remote_code_execution
Status: new

CWE

CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H