Is Nosql Injection affected by CVE-2026-40351?

FastGPT versions below 4.14.9.5 contain a critical authentication bypass vulnerability in the login mechanism that allows unauthenticated attackers to gain unauthorized access to any user account, including root administrator, without knowing passwords.

CVE-2026-40351

Q: How to fix CVE-2026-40351?

Within 24 hours: Identify all FastGPT deployments running versions below 4.14.9.5 and inventory affected systems. Within 7 days: Implement network segmentation to restrict access to the login endpoint (port/endpoint details dependent on deployment architecture) to authorized administrative IP ranges only, and enable comprehensive login attempt logging and alerting. Within 30 days: Upgrade all FastGPT instances to version 4.14.9.5 or later once patch availability is confirmed with vendor, or evaluate alternative solutions if upgrade path is unavailable.

EUVD-2026-23557 CRITICAL

2026-04-17 GitHub_M

Denial Of Service Nosql Injection

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 22:22 vuln.today

cvss_changed

patch_available

Apr 17, 2026 - 22:16 EUVD

Analysis Generated

Apr 17, 2026 - 22:09 vuln.today

DescriptionNVD

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL injection bypasses the password check, enabling login as any user including the root administrator. This issue has been fixed in version 4.14.9.5.

AnalysisAI

NoSQL injection in FastGPT <4.14.9.5 password authentication allows unauthenticated remote attackers to bypass login controls and access any account, including root administrator, by submitting MongoDB query operators instead of plaintext passwords. The vulnerability stems from missing runtime validation on password fields in the login endpoint. …

RemediationAI

Within 24 hours: Identify all FastGPT deployments running versions below 4.14.9.5 and inventory affected systems. Within 7 days: Implement network segmentation to restrict access to the login endpoint (port/endpoint details dependent on deployment architecture) to authorized administrative IP ranges only, and enable comprehensive login attempt logging and alerting. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-40351 vulnerability details – vuln.today

Back

CVE-2026-40351

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code