CVE-2026-44287

Published: Mag 29, 2026 Last Modified: Mag 29, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low

Description

AI Translation Available

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.test(code). JavaScript syntax accepts a block comment between import and (; the regex matches only ASCII whitespace, and the bytes /, *, *, / are not in the \s character class. The payload import/**/('child_process') parses as a syntactically valid dynamic import that the regex does not detect. Because import() is not wrapped by the safeRequire Proxy (which only proxies require), the attacker loads child_process and calls execSync - arbitrary command execution as uid=100(sandbox) inside the sandbox container. This vulnerability is fixed in 4.15.0-beta1.

94

Improper Control of Generation of Code ('Code Injection')

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Integrity Confidentiality Availability Non-Repudiation
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Hide Activities
Applicable Platforms
Languages: Interpreted
Technologies: AI/ML
Likelihood of Exploit: Medium
View CWE Details
184

Incomplete List of Disallowed Inputs

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/labring/FastGPT/security/advisories/GHSA…
https://github.com/labring/FastGPT/security/advisories/GHSA-f5mq-qxm4-5mvc