Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-32128
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
FastGPT Python Sandbox Bypass of File-Write Restriction
Source: NVD (National Vulnerability Database)
Vulnerability Description
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using fcntl. After remapping, writing via sys.stdout.write() still satisfies the seccomp rule write(fd==1), enabling arbitrary file creation/overwrite inside the sandbox container despite the intended no file writes restriction.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
不完整的黑名单
Source: NVD (National Vulnerability Database)
Vulnerability Title
FastGPT 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FastGPT是labring开源的一款基于大语言模型的开源知识库问答系统。 FastGPT 4.14.7及之前版本存在安全漏洞,该漏洞源于Python沙箱的防护措施可通过使用fcntl重映射stdout来绕过,可能导致在沙箱容器内任意创建或覆盖文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
labringFastGPT <= 4.14.7 -
II. Public POCs for CVE-2026-32128
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2026-32128
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: FastGPT
Same vendor: labring
Same weakness: CWE-184
V. Comments for CVE-2026-32128

No comments yet

Leave a comment