CVE-2026-40352
Published: 17 April 2026
Summary
CVE-2026-40352 is a high-severity Improper Neutralization of Special Elements in Data Query Logic (CWE-943) vulnerability in FastGPT (listed as vendor Fastgpt, product Fastgpt). Its CVSS base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 8.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related, categorised as APIs and Models.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents NoSQL injection in the password change endpoint by requiring validation of user input such as the old password field, rejecting values that carry MongoDB query operators instead of a plain string.
- SI-2 (Flaw Remediation): requires timely identification, reporting, and correction of flaws such as this NoSQL injection through patching to version 4.14.9.5.
- IA-5 (Authenticator Management): mandates secure management of authenticators, including verification of the current authenticator during password changes, mitigating bypass of the old-password check.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
NoSQL injection in the web password change endpoint is exploitation of a public-facing application (T1190), and the resulting unauthorized password change is account manipulation that enables takeover (T1098).
NVD Description
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privileged session to change the password of their account (or others if combined with ID manipulation) without knowing the current one, leading to full account takeover and persistence. This issue has been fixed in version 4.14.9.5.
Deeper analysis
CVE-2026-40352 is a NoSQL injection vulnerability in the password change endpoint of FastGPT, an AI Agent building platform. It affects versions prior to 4.14.9.5 and stems from improper handling of MongoDB query operators (CWE-943). The flaw has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): the attack is network-reachable, low in complexity, needs only low privileges and no user interaction, and carries high confidentiality, integrity, and availability impact.
An authenticated attacker with a low-privileged session can exploit this vulnerability to bypass the required "old password" verification. By injecting MongoDB query operators, they can change the password of their own account without knowing the current one. If combined with ID manipulation, the attacker could target other accounts, achieving full account takeover and long-term persistence on the platform.
The vulnerability has been addressed in FastGPT version 4.14.9.5. Mitigation details, including the fixing commit and release notes, are documented in the project's GitHub security advisory (GHSA-422w-vrfj-72g6), release page (v4.14.9.5), and the specific patch commit (bd966d479fbe414d02679cf79f9eaaab3d100a2d). Security practitioners should upgrade to the patched version and review access controls for password management endpoints.
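To make the bypass described above concrete, here is an added example in TypeScript (FastGPT's own language). It is not FastGPT's code and is not taken from the advisory or the fixing commit: the handler shapes, the `oldPwd` field name, the in-memory user records and the small emulation of MongoDB operator matching are all assumptions constructed for this example so it runs offline. It shows why passing request JSON straight into a query filter lets `{ "$ne": "" }` stand in for the real old password, and the input-validation fix that SI-10 calls for: accept only a string, keep caller input out of the filter, and verify the stored password hash separately.

```typescript
// Added example (not FastGPT's code): NoSQL-injection bypass of an
// "old password" check, beside a hardened version of the same handler.

type Doc = Record<string, unknown>;

// Emulates MongoDB matching for the operators relevant here. Constructed
// for this example, not a full implementation of the query language.
function fieldMatches(actual: unknown, expected: unknown): boolean {
  if (expected !== null && typeof expected === "object" && !Array.isArray(expected)) {
    const ops = expected as Record<string, unknown>;
    return Object.entries(ops).every(([op, arg]) => {
      switch (op) {
        case "$ne":
          return actual !== arg;
        case "$gt":
          return typeof actual === "string" && typeof arg === "string" && actual > arg;
        case "$regex":
          return typeof actual === "string" && new RegExp(String(arg)).test(actual);
        default:
          throw new Error(`unsupported operator ${op}`);
      }
    });
  }
  return actual === expected; // plain value: equality match
}

function findOne(collection: Doc[], filter: Doc): Doc | undefined {
  return collection.find((doc) =>
    Object.entries(filter).every(([k, v]) => fieldMatches(doc[k], v))
  );
}

// Placeholder for a real password hash (bcrypt/argon2 in production).
const hash = (p: string): string => `hash(${p})`;

// Constructed sample users.
const users: Doc[] = [
  { _id: "u1", username: "alice", password: hash("correct-horse") },
  { _id: "u2", username: "bob", password: hash("battery-staple") },
];

// Vulnerable handler (assumed shape): the request body value is placed
// directly into the filter, so a JSON object becomes a query operator.
function changePasswordVulnerable(userId: string, body: Doc): "changed" | "rejected" {
  const user = findOne(users, { _id: userId, password: body.oldPwd });
  return user ? "changed" : "rejected";
}

// Hardened handler: type-check the input, never put caller-controlled
// values into the filter, and verify the stored hash outside the query.
function changePasswordHardened(userId: string, body: Doc): "changed" | "rejected" {
  const oldPwd = body.oldPwd;
  if (typeof oldPwd !== "string") return "rejected"; // rejects { "$ne": "" } etc.
  const user = findOne(users, { _id: userId });
  if (!user || user.password !== hash(oldPwd)) return "rejected";
  return "changed";
}

// Usage: the injected payload matches any stored password value.
const injected: Doc = { oldPwd: { $ne: "" } };
console.log(changePasswordVulnerable("u1", injected)); // "changed" without the real password
console.log(changePasswordHardened("u1", injected));   // "rejected"
console.log(changePasswordHardened("u1", { oldPwd: "correct-horse" })); // "changed"
```

The string check is the essential line: the vulnerable handler would also be satisfied by `{ "$gt": "" }` or a `$regex` that matches every hash, and the same filter, built with an attacker-chosen `_id`, is the "ID manipulation" path to other accounts mentioned in the description. A real deployment would compare with a constant-time hash verifier rather than the placeholder `hash` shown here.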
AI Security Analysis
- AI Category: APIs and Models
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai