Description
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL injection bypasses the password check, enabling login as any user including the root administrator. This issue has been fixed in version 4.14.9.5.
Published: 2026-04-17
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

FastGPT uses TypeScript type assertions instead of runtime checks on the loginByPassword endpoint. An unauthenticated attacker can submit a MongoDB query operator object as the password; the database evaluates it as an operator rather than comparing a literal string, so the password check is bypassed. This allows login as any user, including the root administrator, giving full control over the system without credentials.

Affected Systems

The FastGPT AI Agent building platform is affected in all releases prior to v4.14.9.5. Versions v4.14.9.5 and later contain the fix.

Risk and Exploitability

The CVSS score of 9.8 classifies this as a critical severity vulnerability. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog. The vulnerability is exploitable through the publicly exposed login endpoint without prior authentication: an attacker only needs to send a crafted login request carrying the query operator to obtain privileged access.

Generated by OpenCVE AI on April 18, 2026 at 08:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FastGPT to version 4.14.9.5 or later, which includes the fix for the NoSQL injection flaw.
  • Restrict network access to the authentication endpoint, for example by using a firewall or VPN, to limit exposure to trusted hosts.
  • Implement strict server-side validation of password inputs to reject any MongoDB query operators or non-alphanumeric characters.

Generated by OpenCVE AI on April 18, 2026 at 08:56 UTC.
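The root cause described in the AI Analysis (a type assertion with no runtime check) and the validation recommended above, side by side. This is an added example and not FastGPT's code; it assumes the web framework has already parsed the JSON request body into an untyped value, and the filter/operator helpers are illustrative stand-ins for the database layer.

```typescript
// Added example (not FastGPT's code). Assumes the web framework has already
// parsed the request body from JSON into an untyped value.

interface LoginBody {
  username: string;
  password: string;
}

// Vulnerable pattern: `as` only satisfies the compiler. At runtime the password
// may still be an object such as {"$ne": ""}, which a MongoDB driver forwards
// as a query operator instead of comparing a literal string.
function parseLoginUnchecked(body: unknown): LoginBody {
  return body as LoginBody;
}

// Hardened pattern: each field is checked at runtime, so only plain non-empty
// strings reach the database layer; anything else is rejected before the query.
function parseLoginValidated(body: unknown): LoginBody {
  if (typeof body !== "object" || body === null) {
    throw new Error("login body must be a JSON object");
  }
  const { username, password } = body as Record<string, unknown>;
  if (typeof username !== "string" || username.length === 0) {
    throw new Error("username must be a non-empty string");
  }
  if (typeof password !== "string" || password.length === 0) {
    throw new Error("password must be a non-empty string");
  }
  return { username, password };
}

// Stand-in for the filter a login handler would hand to the driver (a real
// handler compares a password hash; only the shape matters here).
function buildLoginFilter(body: LoginBody): Record<string, unknown> {
  return { username: body.username, password: body.password };
}

// Detection helper: true if any filter value carries a `$`-prefixed key, i.e.
// the intended literal comparison has turned into an operator query.
function filterContainsOperator(filter: Record<string, unknown>): boolean {
  return Object.values(filter).some(
    (v) => typeof v === "object" && v !== null &&
      Object.keys(v).some((k) => k.startsWith("$"))
  );
}

// Constructed request body matching the advisory's example payload.
const CONSTRUCTED_ATTACK_BODY: unknown = JSON.parse(
  '{"username":"root","password":{"$ne":""}}'
);
```

The same `filterContainsOperator` check can be run over outgoing filters in a test suite to catch any other handler that still trusts a type assertion.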

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 19:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Fastgpt
                    |                | Fastgpt fastgpt
CPEs                |                | cpe:2.3:a:fastgpt:fastgpt:*:*:*:*:*:*:*:*
Vendors & Products  |                | Fastgpt
                    |                | Fastgpt fastgpt

Mon, 20 Apr 2026 15:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc
        |                | {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 17 Apr 2026 22:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Labring
                    |                | Labring fastgpt
Vendors & Products  |                | Labring
                    |                | Labring fastgpt

Fri, 17 Apr 2026 21:30:00 +0000

Type        | Values Removed | Values Added
Description |                | FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL injection bypasses the password check, enabling login as any user including the root administrator. This issue has been fixed in version 4.14.9.5.
Title       |                | FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass
Weaknesses  |                | CWE-943
References  |                |
Metrics     |                | cvssV3_1
            |                | {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-20T14:57:15.664Z

Reserved: 2026-04-10T22:50:01.359Z

Link: CVE-2026-40351

Vulnrichment

Updated: 2026-04-20T14:47:37.630Z

NVD

Status: Analyzed

Published: 2026-04-17T22:16:32.793

Modified: 2026-04-27T19:39:32.913

Link: CVE-2026-40351

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:00:05Z

Weaknesses