CVE-2026-40351
Published: 17 April 2026
Summary
CVE-2026-40351 is a critical-severity Improper Neutralization of Special Elements in Data Query Logic (CWE-943) vulnerability in FastGPT. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 21.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as APIs and Models.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires runtime validation of password inputs at the login endpoint so that NoSQL injection operators such as {"$ne": ""} cannot bypass authentication.
- SI-2 (Flaw Remediation): mandates timely flaw remediation, such as applying the patch in FastGPT v4.14.9.5 that adds the runtime validation the TypeScript type assertion left out.
- Authenticator management: ensures authenticator management practices verify and protect password strength against injection attacks that bypass login checks.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
NoSQL injection in the public-facing login endpoint enables remote authentication bypass and unauthorized access to any account, including admin, which maps directly to Exploit Public-Facing Application (T1190) for initial access.
NVD Description
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field. This NoSQL injection bypasses the password check, enabling login as any user including the root administrator. This issue has been fixed in version 4.14.9.5.
Deeper analysis
CVE-2026-40351 is a NoSQL injection vulnerability in FastGPT, an AI Agent building platform, affecting versions prior to 4.14.9.5. The issue occurs in the password-based login endpoint, where TypeScript type assertion is applied without runtime validation of the input. This flaw enables an attacker to submit a MongoDB query operator object, such as {"$ne": ""}, in the password field, bypassing the authentication check entirely. The vulnerability is classified under CWE-943 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An unauthenticated attacker can exploit this vulnerability remotely over the network with low complexity and no user interaction or privileges required. By crafting a malicious password payload, the attacker bypasses login validation and gains unauthorized access as any user account, including the root administrator, potentially compromising the entire platform.
The vulnerability has been fixed in FastGPT version 4.14.9.5. Security advisories recommend upgrading to this patched version to mitigate the issue. Key references include the fixing commit at https://github.com/labring/FastGPT/commit/bd966d479fbe414d02679cf79f9eaaab3d100a2d, the release notes at https://github.com/labring/FastGPT/releases/tag/v4.14.9.5, and the GitHub security advisory at https://github.com/labring/FastGPT/security/advisories/GHSA-x8mx-2mr7-h9xg.
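The defect described above, as an added TypeScript example that is not FastGPT's own code: the vulnerable handler trusts a compile-time type assertion, while the hardened one validates the JSON body at runtime before any value can reach a MongoDB filter. The function names and the `{username, password}` body shape are assumptions.

```typescript
// Added example, not FastGPT's own code. Names and the {username, password}
// body shape are assumptions; the point is runtime validation of a JSON body.
interface LoginBody {
  username: string;
  password: string;
}

type ValidationResult = { ok: true; body: LoginBody } | { ok: false; reason: string };

// Vulnerable pattern: a type assertion only tells the compiler what to assume;
// at runtime the value is whatever the client sent, so a JSON object in the
// password field survives untouched and would flow into the MongoDB filter.
function assertedPasswordType(rawBody: unknown): string {
  const { password } = rawBody as LoginBody; // no runtime check at all
  return typeof password; // "object" for {"$ne": ""} despite the declared string type
}

// Hardened pattern: validate the untrusted body before it can reach a query.
// Only plain, non-empty, bounded strings are accepted for both fields.
function validateLoginBody(rawBody: unknown): ValidationResult {
  if (typeof rawBody !== "object" || rawBody === null || Array.isArray(rawBody)) {
    return { ok: false, reason: "body must be a JSON object" };
  }
  const candidate = rawBody as Record<string, unknown>;
  const username = candidate["username"];
  const password = candidate["password"];
  // One typeof check rejects operator objects, arrays, numbers, null and
  // missing fields; after it the compiler's string type matches reality.
  if (typeof username !== "string" || typeof password !== "string") {
    return { ok: false, reason: "username and password must be strings" };
  }
  if (password.length === 0 || password.length > 256 || username.length === 0) {
    return { ok: false, reason: "username or password has invalid length" };
  }
  return { ok: true, body: { username, password } };
}

// Constructed sample bodies (not captured traffic) for a quick self-check.
function selfCheck(): boolean {
  const operatorBody = { username: "root", password: { $ne: "" } };
  const normalBody = { username: "root", password: "correct horse battery" };
  return assertedPasswordType(operatorBody) === "object" &&
    !validateLoginBody(operatorBody).ok && validateLoginBody(normalBody).ok;
}
```

The same check belongs in front of every field that is copied into a query filter, not just the password; a schema validator that rejects non-primitive values is the general form of this fix.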
Details
- CWE(s): CWE-943 (Improper Neutralization of Special Elements in Data Query Logic)
- Affected Products: FastGPT, versions prior to 4.14.9.5
AI Security Analysis
- AI Category: APIs and Models
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai