CVE-2026-40352
Received Received - Intake
NoSQL Injection in FastGPT Password Change Enables Account Takeover

Publication date: 2026-04-17

Last updated on: 2026-04-27

Assigner: GitHub, Inc.

Description
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privileged session to change the password of their account (or others if combined with ID manipulation) without knowing the current one, leading to full account takeover and persistence. This issue has been fixed in version 4.14.9.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40352
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fastgpt fastgpt to 4.14.9.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-943 The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in FastGPT versions prior to 4.14.9.5 in the password change endpoint. It is a NoSQL injection flaw that allows an authenticated attacker to bypass the verification of the "old password" by injecting MongoDB query operators.

As a result, an attacker with a low-privileged session can change the password of their own account or potentially other accounts (if combined with ID manipulation) without knowing the current password.

This leads to full account takeover and persistence.

Impact Analysis

The vulnerability allows an attacker with low privileges to take over accounts by changing passwords without knowing the original ones.

This can lead to unauthorized access, loss of account control, and potential persistence within the system.

The impact includes confidentiality, integrity, and availability being compromised, as indicated by the CVSS score (8.8) with high impact on all three.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade FastGPT to version 4.14.9.5 or later, where the issue has been fixed.

Compliance Impact

The vulnerability allows an authenticated attacker to bypass password verification and potentially take over accounts, leading to unauthorized access and persistence.

Such unauthorized access and account takeover can result in breaches of confidentiality, integrity, and availability of user data.

This can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40352. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart