PatchSiren cyber security CVE debrief
CVE-2026-44287 labring CVE debrief
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /bimport*s*(/.test(code). JavaScript syntax accepts a block comment between import and (; the regex matches only ASCII whitespace, and the bytes /, *, *, / are not in the s character class. The payload import/**/(child_process) parses as a syntactically valid dynamic import that the regex does not detect. Because import() is not wrapped by the safeRequire Proxy (which only proxies require), the attacker loads child_process and calls execSync - arbitrary command execution as uid=100(sandbox) inside the sandbox container. This vulnerability is fixed in 4.15.0-beta1.
- Vendor
- labring
- Product
- FastGPT
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-29
- Original CVE updated
- 2026-05-29
- Advisory published
- 2026-05-29
- Advisory updated
- 2026-05-29
Who should care
Organizations running FastGPT instances with JavaScript code execution enabled; security teams responsible for AI/ML platform sandboxing; developers building code sandbox implementations using regex-based filtering
Technical summary
The FastGPT AI platform's JavaScript sandbox prior to 4.15.0-beta1 contains a regex-based filter bypass vulnerability. The sandbox attempts to block dangerous dynamic import() calls using the pattern /bimport*s*(/, which only matches ASCII whitespace between 'import' and '('. JavaScript syntax permits block comments (/**/) in this position, allowing payloads like import/**/(child_process) to evade detection. Unlike require(), which is wrapped by a safeRequire Proxy, import() calls execute without security wrapping, enabling attackers to load arbitrary modules including child_process and achieve command execution within the sandbox container.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade FastGPT to version 4.15.0-beta1 or later to remediate this vulnerability
- Review and audit any custom sandbox implementations for similar regex-based filtering weaknesses
- Implement defense-in-depth by applying additional sandboxing layers (container restrictions, seccomp profiles, resource limits) beyond application-level code filters
- Monitor sandbox container execution for anomalous process spawning or unexpected module loads
- If immediate patching is not feasible, consider disabling or restricting JavaScript code execution features in FastGPT until remediation is complete
Evidence notes
The vulnerability stems from an incomplete regex-based filter in FastGPT's JavaScript sandbox implementation. The regex /bimport*s*(/ attempts to block dynamic import() calls but fails to account for JavaScript's allowance of block comments (/**/) between the import keyword and the opening parenthesis. This parsing gap enables bypass of the sandbox's intended security controls. The safeRequire Proxy mechanism, which provides security wrapping for require() calls, does not extend to import(), creating an execution path that permits loading of arbitrary Node.js modules including child_process. Successful exploitation yields command execution within the sandbox container context (uid=100). The issue was resolved in version 4.15.0-beta1.
Official resources
-
CVE-2026-44287 CVE record
CVE.org
-
CVE-2026-44287 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
2026-05-29