FastGPT NoSQL Injection Auth Bypass (CVE-2026-40351/40352)
AI relevance: FastGPT is an open-source platform for building and deploying AI agents — a successful auth bypass hands an attacker the agent builder, its API keys, connected tool integrations, and any RAG knowledge bases stored in MongoDB.
What happened
- CVE-2026-40351 (Critical): The password-based login endpoint in FastGPT versions prior to 4.14.9.5 uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g.,
{"$ne": ""}) as the password field. This NoSQL injection bypasses the password check entirely, enabling login as any user including the root administrator. - CVE-2026-40352 (High, CVSS 8.8): The password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators, leading to full account takeover and persistence.
- Both vulnerabilities were disclosed on April 17, 2026, and fixed in version 4.14.9.5.
- These are classic NoSQL injection patterns — passing structured query operators through user-controlled input that the application then uses directly in MongoDB queries.
- FastGPT is used to build AI agents with access to knowledge bases, API integrations, and custom tool definitions, making a root account compromise equivalent to owning the entire agent deployment surface.
Why it matters
AI agent platforms centralize access to tools, knowledge bases, and external APIs. An attacker who gains admin access to an agent builder doesn't just get a user account — they get the ability to reconfigure agent behavior, exfiltrate embedded credentials, modify tool definitions, and potentially pivot through every external system the agents can reach. NoSQL injection in authentication endpoints is a well-understood vulnerability class, yet it continues to appear in fast-moving AI infrastructure where traditional input validation practices get overlooked.
What to do
- If you self-host FastGPT, upgrade to 4.14.9.5 or later immediately.
- Review MongoDB query construction across your codebase — never pass user input directly into query objects without schema validation.
- Implement runtime input validation (e.g., Zod, Joi) in addition to TypeScript type assertions, which are erased at runtime.
- Audit your agent platform's admin accounts for unauthorized access during the vulnerable window.