CVE-2026-32128
Received Received - Intake
Sandbox Bypass in FastGPT Allows Arbitrary File Writes

Publication date: 2026-03-11

Last updated on: 2026-03-19

Assigner: GitHub, Inc.

Description
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using fcntl. After remapping, writing via sys.stdout.write() still satisfies the seccomp rule write(fd==1), enabling arbitrary file creation/overwrite inside the sandbox container despite the intended no file writes restriction.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-12
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32128
EUVD
EUVD-2026-11408
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fastgpt fastgpt to 4.14.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in FastGPT's Python Sandbox (fastgpt-sandbox) version 4.14.7 and earlier. The sandbox includes guardrails designed to prevent file writes using static detection and seccomp rules. However, these protections can be bypassed by remapping the standard output (stdout, file descriptor 1) to an arbitrary writable file descriptor using the fcntl system call. After this remapping, writing through sys.stdout.write() still triggers the seccomp rule for writing to fd 1, allowing an attacker to create or overwrite arbitrary files inside the sandbox container despite the intended restriction against file writes.

Impact Analysis

This vulnerability allows an attacker with access to the FastGPT Python Sandbox to bypass file write restrictions and create or overwrite arbitrary files within the sandbox container. This can lead to unauthorized modification of files, potential data corruption, or persistence of malicious code inside the container environment. The impact includes confidentiality, integrity, and availability risks as indicated by the CVSS score.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32128. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart