
FastGPT CVE-2026-40352 | EUVD-2026-23559
Severity: HIGH, CVSS 3.1 base score 8.8
Weakness: Improper Neutralization of Special Elements in Data Query Logic (CWE-943)
Published: 2026-04-17, source: GitHub_M

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Apr 27, 2026 19:39 (nvd): Patch released [patch available]
Apr 17, 2026 22:22 (vuln.today): Re-analysis queued [cvss_changed]
Apr 17, 2026 22:16 (EUVD): Patch available
Apr 17, 2026 22:09 (vuln.today): Analysis generated
Apr 17, 2026 21:45 (euvd): EUVD ID assigned (EUVD-2026-23559)
Apr 17, 2026 21:45 (vuln.today): Analysis generated
Apr 17, 2026 21:09 (nvd): CVE published [HIGH 8.8]

Description (NVD)

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privileged session to change the password of their account (or others if combined with ID manipulation) without knowing the current one, leading to full account takeover and persistence. This issue has been fixed in version 4.14.9.5.

Analysis (AI)

NoSQL injection in FastGPT versions before 4.14.9.5 allows authenticated attackers to bypass password verification on the password change endpoint using MongoDB query operators. Low-privileged users can change their own password (or potentially others' passwords via ID manipulation) without knowing the current password, enabling full account takeover and persistent access. …


Remediation (AI)

Within 24 hours: Inventory all FastGPT deployments and confirm running versions against 4.14.9.5 baseline. Within 7 days: Upgrade all FastGPT instances to version 4.14.9.5 or later; if upgrade is not immediately feasible, implement network-level access controls restricting password change endpoint access to trusted administrative networks only. …



CVE-2026-40352 vulnerability details – vuln.today
