PT-2026-24852 · Labring+2 · Fastgpt
Failbutwin +1
Published: 2026-03-11 · Updated: 2026-03-11
CVE-2026-32128
CVSS v3.1: 6.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: FastGPT versions 4.14.7 and earlier
Description: FastGPT is an AI Agent building platform. Its Python sandbox (fastgpt-sandbox) tries to prevent file writes with two layers: static detection of the submitted code and a seccomp filter that only permits write() when the file descriptor is 1 (stdout). The seccomp rule checks the descriptor number, not what that descriptor refers to, so it can be bypassed by remapping descriptor 1 onto an arbitrary writable file descriptor with the fcntl function (which duplicates and otherwise manipulates descriptors). After the remap, sys.stdout.write() still issues write(fd=1) and passes the filter, but the bytes land in the target file, allowing arbitrary file creation and overwriting inside the sandbox container despite the intended restriction against file writes.
Recommendations: Versions 4.14.7 and earlier should be updated to a release that contains the fix.

Weakness Enumeration: Incomplete List of Disallowed Inputs

Related Identifiers: CVE-2026-32128, GHSA-6HW6-MXRM-V6WJ

Affected Products: Fastgpt