CVE-2026-32128
Received Received - Intake
Sandbox Bypass in FastGPT Allows Arbitrary File Writes

Publication date: 2026-03-11

Last updated on: 2026-03-19

Assigner: GitHub, Inc.

Description
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using fcntl. After remapping, writing via sys.stdout.write() still satisfies the seccomp rule write(fd==1), enabling arbitrary file creation/overwrite inside the sandbox container despite the intended no file writes restriction.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-19
Generated
2026-05-07
AI Q&A
2026-03-12
EPSS Evaluated
2026-05-05
NVD
CVE-2026-32128
EUVD
EUVD-2026-11408
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fastgpt fastgpt to 4.14.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in FastGPT's Python Sandbox (fastgpt-sandbox) version 4.14.7 and earlier. The sandbox includes guardrails designed to prevent file writes using static detection and seccomp rules. However, these protections can be bypassed by remapping the standard output (stdout, file descriptor 1) to an arbitrary writable file descriptor using the fcntl system call. After this remapping, writing through sys.stdout.write() still triggers the seccomp rule for writing to fd 1, allowing an attacker to create or overwrite arbitrary files inside the sandbox container despite the intended restriction against file writes.


How can this vulnerability impact me? :

This vulnerability allows an attacker with access to the FastGPT Python Sandbox to bypass file write restrictions and create or overwrite arbitrary files within the sandbox container. This can lead to unauthorized modification of files, potential data corruption, or persistence of malicious code inside the container environment. The impact includes confidentiality, integrity, and availability risks as indicated by the CVSS score.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart