Sandbox Escape Vulnerability in ByteDance Deer-Flow Bash Tool
CVE-2026-34430

8.6 HIGH

Key Information:

CVE Published: 1 April 2026

What is CVE-2026-34430?

The Deer-Flow application by ByteDance contains a sandbox-escape vulnerability in its bash tool. The tool validates commands with regular expressions, but that validation models shell semantics incompletely: an attacker can use shell features to bypass it, change the working directory, and reference files through relative paths, thereby reaching files outside the designated sandbox boundary and executing arbitrary commands on the host system. Because the tool invokes commands through a subprocess with shell interpretation enabled, the bypass carries significant security risk.
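As an added illustration of the mitigation (example code, not Deer-Flow's own), the tool below validates the resolved path of every argument against the sandbox root and launches the command without a shell, so `cd`, `..` and shell operators have nothing to act on. `SANDBOX_ROOT`, `ALLOWED_BINARIES` and the function names are assumptions for this example.

```python
import os
import subprocess
from typing import List, Optional

# Assumed sandbox root for this example (not a Deer-Flow path).
SANDBOX_ROOT = "/srv/sandbox"
# Binaries the tool may launch; argv never reaches a shell, so builtins
# such as "cd" and operators such as ";" are never interpreted.
ALLOWED_BINARIES = {"ls", "cat", "grep", "wc", "head"}


def resolve_in_sandbox(path: str, cwd: str, root: str = SANDBOX_ROOT) -> Optional[str]:
    """Resolve path relative to cwd (following '..' and symlinks) and return
    the absolute path if it stays under root, otherwise None. Checking the
    resolved path, not the literal command text, is what a regex over the
    command string cannot do."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(cwd, path))
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


def validate_request(binary: str, file_args: List[str], cwd: str,
                     root: str = SANDBOX_ROOT) -> Optional[List[str]]:
    """Return a safe argv list, or None if any part of the request is unsafe."""
    if binary not in ALLOWED_BINARIES:
        return None
    if resolve_in_sandbox(".", cwd, root) is None:  # the cwd itself must be inside
        return None
    argv = [binary]
    for arg in file_args:
        resolved = resolve_in_sandbox(arg, cwd, root)
        if resolved is None:
            return None
        argv.append(resolved)
    return argv


def run_in_sandbox(binary: str, file_args: List[str], cwd: str,
                   root: str = SANDBOX_ROOT) -> subprocess.CompletedProcess:
    """Validate the request, then execute it without shell interpretation."""
    argv = validate_request(binary, file_args, cwd, root)
    if argv is None:
        raise PermissionError(f"rejected: {binary} {file_args} (cwd={cwd})")
    # shell=False hands argv straight to execve: no shell semantics to model.
    return subprocess.run(argv, cwd=cwd, shell=False, capture_output=True,
                          text=True, timeout=30)
```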

Affected Version(s)

DeerFlow: all versions before commit 92c7a20cb74addc3038d2131da78f2e239ef542e

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Chia Min Jun Lennon