What is CVE-2026-42302?

CVE-2026-42302 is a critical-severity vulnerability in Labring Fastgpt, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2026-05-08.

How severe is CVE-2026-42302?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Labring Fastgpt

CVE-2026-42302

FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes cod…

Vulnerability class: Broken Authentication

EPSS: 0.005 (66.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Labring Fastgpt — versions >= 4.14.10, < 4.14.13

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-42302?: CVE-2026-42302 is a critical-severity vulnerability in Labring Fastgpt, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2026-05-08.
How severe is CVE-2026-42302?: Critical severity. CVSS v3 base score is 9.8 out of 10.