{"data":{"id":"f8e15555-028a-487c-aeed-0b43a1626c53","title":"CVE-2026-32128: FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes gua","summary":"FastGPT, an AI Agent building platform, has a vulnerability in its Python Sandbox (fastgpt-sandbox) in version 4.14.7 and earlier where attackers can bypass file-write protections by remapping stdout (the standard output stream) to a different file descriptor using fcntl (a tool for controlling file operations), allowing them to create or overwrite files inside the sandbox container despite intended restrictions.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-32128","publishedAt":"2026-03-11T22:16:32.633Z","cveId":"CVE-2026-32128","cweIds":["CWE-184"],"cvssScore":"6.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["FastGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-11T22:16:32.633Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}