VYPR
Critical severity9.8NVD Advisory· Published Apr 17, 2026· Updated Apr 27, 2026

CVE-2026-40351

CVE-2026-40351

Description

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL injection bypasses the password check, enabling login as any user including the root administrator. This issue has been fixed in version 4.14.9.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Labring/Fastgpt2 versions
    cpe:2.3:a:fastgpt:fastgpt:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fastgpt:fastgpt:*:*:*:*:*:*:*:*range: <4.14.9.5
    • (no CPE)range: <4.14.9.5

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.