Description

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL injection bypasses the password check, enabling login as any user including the root administrator. This issue has been fixed in version 4.14.9.5.

INFO

Published Date :

2026-04-17T21:05:05.911Z

Last Modified :

2026-04-20T14:57:15.664Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40351 vulnerability.

Vendors Products
Labring
  • Fastgpt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40351.

URL Resource
https://github.com/labring/FastGPT/commit/bd966d479fbe414d02679cf79f9eaaab3d100a2d cve-icon cve-icon
https://github.com/labring/FastGPT/releases/tag/v4.14.9.5 cve-icon cve-icon
https://github.com/labring/FastGPT/security/advisories/GHSA-x8mx-2mr7-h9xg cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact