AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-32128: FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes gua

mediumvulnerability

security

Source: NVD/CVE DatabaseMarch 11, 2026CVE-2026-32128

Summary

FastGPT, an AI Agent building platform, has a vulnerability in its Python Sandbox (fastgpt-sandbox) in version 4.14.7 and earlier where attackers can bypass file-write protections by remapping stdout (the standard output stream) to a different file descriptor using fcntl (a tool for controlling file operations), allowing them to create or overwrite files inside the sandbox container despite intended restrictions.

Vulnerability Details

CVSS Score

6.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

network

Attack Complexity

low

Privileges Required

low

User Interaction

none

Disclosure Date

March 11, 2026

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

Taxonomy References

CWE (Weakness Type)

CWE-184

Affected Vendors

HuggingFace

Related Issues

high

CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling

Same vendorNVD/CVE Database

critical

CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose

Same vendor

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-32128

First tracked: March 11, 2026 at 08:07 PM

Classified by LLM (prompt v3) · confidence: 85%