Description
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privileged session to change the password of their account (or others if combined with ID manipulation) without knowing the current one, leading to full account takeover and persistence. This issue has been fixed in version 4.14.9.5.
Published: 2026-04-17
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Account takeover
Action: Patch
AI Analysis

Impact

The vulnerability is a NoSQL injection in FastGPT's password change endpoint. An authenticated attacker can inject MongoDB operators to bypass the old-password verification and change the password for their own account or any account if they can modify the user identifier. Once the password is changed, the attacker gains full control of the account and can maintain persistence. The flaw is classified as CWE-943, a NoSQL injection that compromises authentication.

Affected Systems

The affected product is FastGPT by labring. Versions prior to 4.14.9.5 contain the vulnerability, which is fixed in version 4.14.9.5.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, with potential loss of confidentiality, integrity, and availability. The EPSS score is unavailable, so the exact likelihood of exploitation is unknown, but the vulnerability has been reported publicly and is known to be exploitable by anyone with authenticated access. It is not listed in the CISA KEV catalog, yet any attacker holding a low-privileged authenticated session can change credentials and establish persistence. Prompt remediation is essential to prevent account takeover and potential further compromise.

Generated by OpenCVE AI on April 18, 2026 at 08:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FastGPT to version 4.14.9.5 or later, which removes the injection vector.
  • Ensure that the password update endpoint performs strict input validation and sanitization to prevent MongoDB query operators from being injected.
  • Revoke all active sessions and require users to reset their passwords to eliminate any compromised credentials.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 14:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 17 Apr 2026 23:15:00 +0000

Type: First Time appeared
Values Added: Labring; Labring fastgpt

Type: Vendors & Products
Values Added: Labring; Labring fastgpt

Fri, 17 Apr 2026 21:30:00 +0000

Type: Description
Values Added: FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privileged session to change the password of their account (or others if combined with ID manipulation) without knowing the current one, leading to full account takeover and persistence. This issue has been fixed in version 4.14.9.5.

Type: Title
Values Added: FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover

Type: Weaknesses
Values Added: CWE-943

Type: References
Values Added:

Type: Metrics
Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-20T13:36:06.464Z

Reserved: 2026-04-10T22:50:01.359Z

Link: CVE-2026-40352

Vulnrichment

Updated: 2026-04-20T13:32:41.459Z

NVD

Status : Awaiting Analysis

Published: 2026-04-17T22:16:32.940

Modified: 2026-04-20T19:03:07.607

Link: CVE-2026-40352

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:00:05Z

Weaknesses