CVE-2026-32128
- Source
- https://cve.org/CVERecord?id=CVE-2026-32128
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32128.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-32128
- Aliases
-
- GHSA-6hw6-mxrm-v6wj
- Published
- 2026-03-11T21:30:26.336Z
- Modified
- 2026-04-10T05:42:19.952074Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- FastGPT Python Sandbox Bypass of File-Write Restriction
- Details
-
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using fcntl. After remapping, writing via sys.stdout.write() still satisfies the seccomp rule write(fd==1), enabling arbitrary file creation/overwrite inside the sandbox container despite the intended no file writes restriction.
- Database specific
{ "cwe_ids": [ "CWE-184" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32128.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/labring/fastgpt
Affected versions
4.*
4.8.9-alpha
Other
delete
v0.*
v0.9
v1.*
v1.2
v1.4
v2.*
v2.0
v2.1
v2.2
v2.3
v2.4
v2.5
v2.6
v2.7
v2.7.1
v2.7.2
v2.8
v2.8.5
v2.9
v3.*
v3.0
v3.1
v3.2
v3.3
v3.4
v3.5
v3.7
v3.7.1
v3.7.3
v3.8
v3.8.1
v3.8.3
v3.8.4
v3.8.5
v3.8.6
v3.8.7
v3.8.8
v3.8.9
v3.9
v3.9.1
v3.9.2
v3.9.3
v3.9.4
v4.*
v4.0-beta
v4.10.0
v4.10.0-fix
v4.10.1
v4.10.1-alpha
v4.10.1-fix
v4.10.1-fix2
v4.10.1-fix3
v4.11.0
v4.11.1
v4.11.1-fix
v4.11.1-fix2
v4.11.1-fix3
v4.12.0
v4.12.1
v4.12.1-fix
v4.12.2
v4.12.2-fix
v4.12.2-fix2
v4.12.2-fix3
v4.12.3
v4.12.4
v4.13.0
v4.13.0-fix
v4.13.1
v4.13.2
v4.14.0
v4.14.0-fix
v4.14.1
v4.14.2
v4.14.2-fix
v4.14.3
v4.14.4
v4.14.4-cve
v4.14.5-fix
v4.14.5.1
v4.14.6
v4.14.6.1
v4.14.7
v4.2
v4.2.1
v4.2.2
v4.3
v4.4.2
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5
v4.5.1
v4.5.2
v4.6
v4.6.1
v4.6.1-alpha
v4.6.2
v4.6.2-alpha
v4.6.3
v4.6.3-alpha
v4.6.4
v4.6.4-alpha
v4.6.5
v4.6.5-alpha
v4.6.5-alpha2
v4.6.6
v4.6.6-alpha
v4.6.6-alpha2
v4.6.7
v4.6.7-alpha
v4.6.7-fix
v4.6.8
v4.6.8-alpha
v4.6.9
v4.6.9-alpha
v4.6.9-alpha2
v4.7
v4.7-alpha
v4.7-alpha2
v4.7-alpha3
v4.7.1
v4.7.1-alpha
v4.7.1-alpha2
v4.7.1-alpha3
v4.7.1-fix
v4.7.1-fix2
v4.8
v4.8-alpha
v4.8-alpha2
v4.8-alpha3
v4.8-preview
v4.8-preview2
v4.8-preview3
v4.8-preview4
v4.8.1
v4.8.1-alpha
v4.8.10
v4.8.10-alpha
v4.8.10-alpha2
v4.8.10-fix
v4.8.10-fix2
v4.8.11
v4.8.11-alpha
v4.8.11-alpha2
v4.8.11-beta
v4.8.11-fix
v4.8.12
v4.8.12-alpha
v4.8.12-beta
v4.8.12-fix
v4.8.13
v4.8.13-fix
v4.8.14
v4.8.14-alpha
v4.8.14-fix
v4.8.14-milvus-fix
v4.8.15
v4.8.15-alpha
v4.8.15-alpha2
v4.8.15-alpha3
v4.8.15-fix
v4.8.15-fix-emb-page
v4.8.15-fix2
v4.8.15-fix3
v4.8.16
v4.8.16-alpha
v4.8.16-beta
v4.8.17
v4.8.17-alpha
v4.8.17-fix-title
v4.8.18
v4.8.18-fix
v4.8.18-fix2
v4.8.19
v4.8.19-beta
v4.8.2
v4.8.20-fix
v4.8.20-fix2
v4.8.21
v4.8.21-fix
v4.8.22
v4.8.22-alpha
v4.8.23
v4.8.23-alpha
v4.8.23-fix
v4.8.23-fix2
v4.8.3
v4.8.4
v4.8.4-alpha
v4.8.4-fix
v4.8.5
v4.8.5-alpha
v4.8.6
v4.8.6-alpha
v4.8.6-alpha2
v4.8.7
v4.8.7-alpha
v4.8.7-alpha2
v4.8.8
v4.8.8-alpha
v4.8.8-alpha2
v4.8.8-fix
v4.8.8-fix2
v4.8.9
v4.8.9-alpha
v4.8.9-test
v4.9.0
v4.9.0-fix
v4.9.0-fix2
v4.9.1-fix
v4.9.1-fix2
v4.9.10
v4.9.10-alpha
v4.9.10-fix
v4.9.10-fix2
v4.9.11
v4.9.11-alpha
v4.9.12
v4.9.12-alpha
v4.9.13
v4.9.14
v4.9.14-fix
v4.9.2
v4.9.3
v4.9.4
v4.9.5
v4.9.5-alpha
v4.9.6
v4.9.6-alpha
v4.9.7
v4.9.7-alpha
v4.9.7-fix
v4.9.7-fix2
v4.9.8
v4.9.8-alpha
v4.9.9
v4.9.9-alpha