Insufficient Resource Isolation in FastGPT AI Agent Building Platform
CVE-2026-42343

6.3MEDIUM

Key Information:

Vendor: Labring
Status: Fastgpt
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-42343?

The FastGPT platform, an AI agent building tool, has a significant architectural vulnerability related to its code-sandbox component. In versions up to 4.14.13, the system's resource management is inadequately handled, relying on a mere application-level soft limit for memory management. This allows an attacker to circumvent memory checks through time-window attacks or to consume excessive resources via multiple CPU-intensive requests. Consequently, this leads to a Denial of Service, rendering the platform unusable for legitimate users. As of now, there are no publicly disclosed patches available to address this issue.

Affected Version(s)

FastGPT <= 4.14.13

References

https://github.com/labring/FastGPT/security/advisories/GH...

x_refsource_CONFIRM

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
Apr 26, 2026

CVE-2026-42343 Data

JSON

Labring

What is CVE-2026-42343?

Affected Version(s)

References

CVSS V4

Timeline