VYPR
Unrated severityNVD Advisory· Published Mar 11, 2026· Updated Mar 12, 2026

FastGPT Python Sandbox Bypass of File-Write Restriction

CVE-2026-32128

Description

FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using fcntl. After remapping, writing via sys.stdout.write() still satisfies the seccomp rule write(fd==1), enabling arbitrary file creation/overwrite inside the sandbox container despite the intended no file writes restriction.

Affected products

2
  • Labring/Fastgptllm-fuzzy2 versions
    <=4.14.7+ 1 more
    • (no CPE)range: <=4.14.7
    • (no CPE)range: <= 4.14.7

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.