๐Ÿ” CVE Alert

CVE-2026-42343

UNKNOWN 0.0

FastGPT: Uncontrolled Resource Consumption leading to Sandbox Exhaustion

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit (a 500ms polling interval) for memory management and lacks strict OS-level constraints such as cgroups or kernel-level namespaces. This architectural weakness allows attackers to easily bypass memory checks via time-window attacks, or exhaust the entire JavaScript worker pool via concurrent CPU-intensive requests, resulting in a complete Denial of Service (DoS) for legitimate users. At time of publication, there are no publicly available patches.

CWE: CWE-400
Vendor: labring
Product: fastgpt
Published: May 8, 2026

Affected Versions

labring / FastGPT
<= 4.14.13

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/labring/FastGPT/security/advisories/GHSA-qv7v-r94x-6x3x