An unauthenticated remote code execution vulnerability in the FastGPT agent-sandbox allows attackers to gain full control over the host environment.

The entrypoint.sh script incorrectly initializes code-server with --auth none and binds it to all network interfaces, allowing unauthenticated remote access to the sandbox environment.

With a CVSS score of 9.8, this vulnerability allows for complete system compromise, enabling attackers to execute arbitrary code, steal sensitive data, or pivot into internal infrastructure. This poses a catastrophic risk to confidentiality, integrity, and availability of the platform.

Immediate Action: Upgrade FastGPT to version 4.14.13 or later to ensure proper authentication is enforced on the agent-sandbox.

Proactive Monitoring: Review system and network access logs for unauthorized connections to port 8080 or suspicious process execution originating from the sandbox.

Compensating Controls: Immediately restrict network access to the sandbox port (8080) via firewall rules to allow only authorized administrative IPs.

Public Exploit Available: No

The ease of exploitation for this RCE makes it a priority for immediate remediation. Administrators should treat this as a high-urgency update to prevent unauthorized code execution and complete system takeover.