{"id":44311,"date":"2026-04-12T03:37:32","date_gmt":"2026-04-12T03:37:32","guid":{"rendered":"http:\/\/localhost\/?p=44311"},"modified":"2026-04-12T03:37:32","modified_gmt":"2026-04-12T03:37:32","slug":"bytedance-deerflow-localsandboxprovider-host-bash-escape","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=44311","title":{"rendered":"ByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430"},"content":{"rendered":"

{“lastseen”:””,”description”:”ByteDance Deer-Flow versions prior to commit 92c7a20 contain\u00a0a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers can exploit the incomplete shell semantics modeling to read and modify files outside the sandbox boundary and achieve arbitrary command execution through subprocess invocation with shell interpretation enabled.”,”published”:”2026-04-01T13:34:17.014Z”,”modified”:”2026-04-01T15:01:25.156Z”,”type”:”cve”,”title”:”ByteDance DeerFlow LocalSandboxProvider Host Bash Escape”,”source”:”VulnCheck”,”references”:”https:\/\/github.com\/bytedance\/deer-flow\/pull\/1547\\nhttps:\/\/github.com\/bytedance\/deer-flow\/commit\/92c7a20cb74addc3038d2131da78f2e239ef542e\\nhttps:\/\/www.vulncheck.com\/advisories\/bytedance-deerflow-localsandboxprovider-host-bash-escape”,”id”:”CVE-2026-34430″,”bulletinFamily”:””,”cwe”:[“CWE-184″],”cvelist”:null,”sourceData”:”Bytedance Inc. DeerFlow 0″,”sourceHref”:””,”cvss”:{“score”:8.6,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:A\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”DeerFlow”,”version”:”0″,”vendor”:”Bytedance Inc.”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”ByteDance Deer-Flow versions prior to commit 92c7a20 contain\u00a0a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,81,12,15,13,7,11,5],"class_list":["post-44311","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-86","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=44311\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”ByteDance Deer-Flow versions prior to commit 92c7a20 contain\u00a0a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=44311\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-12T03:37:32+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=44311#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=44311\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"ByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430\",\"datePublished\":\"2026-04-12T03:37:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=44311\"},\"wordCount\":224,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-8.6\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=44311#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=44311\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=44311\",\"name\":\"ByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-04-12T03:37:32+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=44311#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=44311\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=44311#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=44311","og_locale":"en_US","og_type":"article","og_title":"ByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430 - zero redgem","og_description":"{“lastseen”:””,”description”:”ByteDance Deer-Flow versions prior to commit 92c7a20 contain\u00a0a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host...","og_url":"https:\/\/zero.redgem.net\/?p=44311","og_site_name":"zero redgem","article_published_time":"2026-04-12T03:37:32+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=44311#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=44311"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"ByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430","datePublished":"2026-04-12T03:37:32+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=44311"},"wordCount":224,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-8.6","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=44311#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=44311","url":"https:\/\/zero.redgem.net\/?p=44311","name":"ByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-04-12T03:37:32+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=44311#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=44311"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=44311#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"ByteDance DeerFlow LocalSandboxProvider Host Bash Escape_CVE-2026-34430"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/44311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=44311"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/44311\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=44311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=44311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=44311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}