CVE-2026-34430CRITICAL 9.6EPSS p31.6%

CVE-2026-34430CVE-2026-34430

Description

ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers can exploit the incomplete shell semantics modeling to read and modify files outside the sandbox boundary and achieve arbitrary command execution through subprocess invocation with shell interpretation enabled.

Scoring

CVSS 3.19.6 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS0.40% probability of exploitation · percentile 31.6% · 2026-06-19T12:03:05Z
Published2026-04-01
Last modified2026-05-12

Underlying weaknesses· 1

CWE-184

References

  1. https://github.com/bytedance/deer-flow/commit/92c7a20cb74addc3038d2131da78f2e239ef542e
  2. https://github.com/bytedance/deer-flow/pull/1547
  3. https://www.vulncheck.com/advisories/bytedance-deerflow-localsandboxprovider-host-bash-escape

1

TypeTargetConfidenceTier
WeaknessIncomplete List of Disallowed Inputscwe-1840%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-40518
CVE
CVE-2026-6442
CVE
CVE-2025-64128
CVE
CVE-2026-42434
CVE
CVE-2026-32915
CVE
CVE-2025-1127
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.