What is the CVSS score of CVE-2026-44287?

CVE-2026-44287 has a CVSS 3.1 base score of 6.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.1%.

Is there a patch available for CVE-2026-44287?

Yes, a patch is available for CVE-2026-44287. Update the affected software to the latest version immediately.

FastGPT CVE-2026-44287

EUVD-2026-33431 MEDIUM

Code Injection (CWE-94)

2026-05-29 GitHub_M

RCE Code Injection Fastgpt

6.3

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

6.3 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch available

May 29, 2026 - 21:02 EUVD

Analysis Generated

May 29, 2026 - 20:37 vuln.today

DescriptionGitHub Advisory

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.test(code). JavaScript syntax accepts a block comment between import and (; the regex matches only ASCII whitespace, and the bytes /, *, *, / are not in the \s character class. The payload import/**/("child_process") parses as a syntactically valid dynamic import that the regex does not detect. Because import() is not wrapped by the safeRequire Proxy (which only proxies require), the attacker loads child_process and calls execSync - arbitrary command execution as uid=100(sandbox) inside the sandbox container. This vulnerability is fixed in 4.15.0-beta1.

AnalysisAI

Sandbox escape in FastGPT's JavaScript code execution worker allows authenticated remote attackers to execute arbitrary OS commands inside the sandbox container by bypassing a regex-based blocklist. The sandbox at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() using a regex that matches only ASCII whitespace between 'import' and '(', failing to account for JavaScript's syntactically valid block comment syntax - the payload import//("child_process") parses correctly by the JS engine but evades the regex entirely. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate with low-privileged FastGPT account

Delivery

Access JavaScript code sandbox execution feature

Exploit

Submit import/**/("child_process") payload

Execution

Regex blocklist fails to match comment-obfuscated import

Persist

Node.js runtime resolves dynamic import() outside safeRequire Proxy

Impact

Call execSync for arbitrary OS commands as uid=100(sandbox)