Critical NoSQL Injection in FastGPT Allows Root Admin Takeover

The National Vulnerability Database has detailed CVE-2026-40351, a critical NoSQL injection vulnerability in FastGPT, an AI Agent building platform. The flaw, present in versions prior to 4.14.9.5, stems from improper input validation in the password-based login endpoint: the code relies on a TypeScript type assertion, which is erased at compile time, without adequate runtime validation of the request body.

This oversight allows an unauthenticated attacker to bypass the password check entirely. Because the asserted type is never enforced at runtime, a MongoDB query operator object such as {"$ne": ""} submitted in the password field reaches the database query as an operator rather than a literal string and matches any non-empty stored value, so the attacker can log in as any user, including the root administrator. This presents a complete compromise risk for unpatched FastGPT deployments.
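As an added example (not FastGPT's own code), the pattern the advisory describes, a TypeScript type assertion on the request body, beside a runtime-validated version and a small guard that flags operator objects in a filter built from user input; all type and function names are assumed for illustration.

```typescript
// Added example (not FastGPT's code): the unsafe type-assertion pattern the
// advisory describes, beside a hardened version that validates the request
// body at runtime. All names here are assumed for illustration.

interface LoginBody {          // what the handler *believes* it receives
  username: string;
  password: string;
}

type Filter = Record<string, unknown>; // MongoDB-style filter document

// VULNERABLE PATTERN: `as LoginBody` is erased at compile time, so a JSON body
// whose password is an object (e.g. {"$ne": ""}) flows straight into the filter.
function buildLoginFilterUnsafe(rawBody: unknown): Filter {
  const body = rawBody as LoginBody; // no runtime check at all
  return { username: body.username, password: body.password };
}

// Guard/detection: true if any value in the filter is a MongoDB operator object
// (a plain object with a key starting with '$'), i.e. input became query syntax.
function containsOperator(value: unknown): boolean {
  if (Array.isArray(value)) return value.some(containsOperator);
  if (value !== null && typeof value === "object") {
    return Object.entries(value as Record<string, unknown>).some(
      ([k, v]) => k.startsWith("$") || containsOperator(v)
    );
  }
  return false;
}

// HARDENED PATTERN: narrow `unknown` with real runtime checks before anything
// reaches the query; only non-empty strings are accepted for both fields.
function parseLoginBody(rawBody: unknown): LoginBody | null {
  if (rawBody === null || typeof rawBody !== "object") return null;
  const { username, password } = rawBody as Record<string, unknown>;
  if (typeof username !== "string" || typeof password !== "string") return null;
  if (username.length === 0 || password.length === 0) return null;
  return { username, password };
}

// Returns null (reject the request) instead of building a filter from bad input.
function buildLoginFilterSafe(rawBody: unknown): Filter | null {
  const body = parseLoginBody(rawBody);
  return body ? { username: body.username, password: body.password } : null;
}

// Constructed sample request bodies (not captured traffic).
const normalBody = { username: "root", password: "hunter2" };
const operatorBody = { username: "root", password: { $ne: "" } };
```

The same `containsOperator` check can run over any filter assembled from request data as a last-line guard, but the real fix is rejecting non-string credentials before a query is ever built.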

FastGPT has addressed this issue in version 4.14.9.5. Organizations leveraging FastGPT for their AI agent infrastructure are at severe risk if they have not yet patched to the fixed version. The National Vulnerability Database assigns this a CVSS score of 9.8 (CRITICAL), underscoring the immediate danger.

What This Means For You

  • If your organization uses FastGPT, check your version immediately and patch to 4.14.9.5 or higher without delay. This isn't theoretical; an unauthenticated attacker can become your root administrator. Review authentication logs from before the patch for suspicious login attempts, in particular requests whose password field is a JSON object rather than a string, and rotate all FastGPT administrator credentials after patching.

Indicators of Compromise

ID              Type             Indicator
CVE-2026-40351  Auth Bypass      FastGPT versions prior to 4.14.9.5
CVE-2026-40351  NoSQL Injection  FastGPT password-based login endpoint
CVE-2026-40351  Auth Bypass      MongoDB query operator object (e.g., {"$ne": ""}) in password field
Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 18, 2026 at 01:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
