CVE-2026-40217
ADVISORY - githubSummary
Impact
The POST /guardrails/test_custom_code endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level techniques, allowing arbitrary code execution in the proxy process — which runs as root in the default Docker image.
Reaching the endpoint requires a proxy-admin credential in default configurations.
Patches
Fixed in 1.83.11. The hand-rolled sandbox has been replaced with RestrictedPython. Upgrade to 1.83.11 or later.
Workarounds
If upgrading is not immediately possible, block POST /guardrails/test_custom_code at your reverse proxy or API gateway.
References
- Patched release:
v1.83.10-stable
EPSS Score: 0.00277 (0.511)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Unprotected Alternate Channel
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-40217
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.8highGitHub
CVSS SCORE
7.5highChainguard
CREATED
UPDATED
ADVISORY ID
CGA-x8hm-2fj7-cppj
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-c8gj-mj24-qpfx
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-f7r9-xw6c-prv2
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-h97j-rjvr-jv7v
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-v6qx-f2q3-8qqf
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-