FastGPT NoSQL Injection: Account Takeover Risk

The National Vulnerability Database (NVD) has detailed CVE-2026-40352, a high-severity NoSQL injection vulnerability affecting FastGPT, an AI Agent building platform. Specifically, versions prior to 4.14.9.5 are susceptible through the password change endpoint. This flaw carries a CVSS score of 8.8 (HIGH).

According to the NVD, an authenticated attacker can bypass the ‘old password’ verification by injecting MongoDB query operators. This means a low-privileged session is all an attacker needs to change an account’s password without prior knowledge of the current one. The NVD notes this could lead to full account takeover and persistence, especially if combined with ID manipulation to target other users.

This is a critical flaw. It undermines the fundamental security control of password verification. Defenders running FastGPT instances must prioritize patching to version 4.14.9.5 immediately. Attackers are constantly looking for ways to escalate privileges from a low-level foothold, and this vulnerability provides a direct path to full control, effectively negating any multi-factor authentication if the password can be reset.

What This Means For You

  • If your organization uses FastGPT, you must immediately verify your version. If you are running anything prior to 4.14.9.5, patch without delay. Audit logs for any suspicious password change attempts, especially from low-privileged accounts, as this vulnerability allows full account takeover.

Related ATT&CK Techniques

T1110.004 (Credential Access), severity: critical

Detection rule: CVE-2026-40352 - FastGPT Password Change NoSQL Injection (Sigma)

Indicators of Compromise

ID              Type         Indicator
CVE-2026-40352  Auth Bypass  FastGPT versions prior to 4.14.9.5
CVE-2026-40352  NoSQLi       FastGPT password change endpoint
CVE-2026-40352  Bypass       'old password' verification via MongoDB query operator injection
Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 18, 2026 at 01:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
