Severity: High (CVSS 8.8)

FastGPT NoSQL injection enables account takeover (CVE-2026-40352)

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verifica...

Overview

A high-severity NoSQL injection vulnerability (CVE-2026-40352) has been identified in the FastGPT AI Agent platform. This security flaw allows an attacker with a valid low-privileged user session to change account passwords without knowing the current password, leading to a complete account takeover.

Vulnerability Details

The vulnerability resides in the password change functionality of FastGPT versions prior to 4.14.9.5. The endpoint responsible for verifying the user’s “old password” does not properly sanitize user input. An authenticated attacker can submit specially crafted data containing MongoDB query operators, which tricks the system into accepting an incorrect or empty old password. This bypasses the critical verification step.

While the primary attack vector is changing the password of the attacker’s own account for persistence, the advisory notes this could potentially be combined with user ID manipulation to target other accounts, escalating the impact.

Impact and Risk

The successful exploitation of this vulnerability has a direct and severe consequence: full account compromise. An attacker who has obtained a user’s session through other means (like credential phishing or session hijacking) can lock the legitimate user out by changing the password, maintaining persistent access to the AI agent platform. This access could be used to steal sensitive data, manipulate AI agents and workflows, or as a foothold for further lateral movement within an organization’s environment. The CVSS score of 8.8 (High) reflects the low attack complexity and high impact on confidentiality, integrity, and availability.

Remediation and Mitigation

The vendor has released a fix in FastGPT version 4.14.9.5. All users and administrators of FastGPT must upgrade to this version or a later patched release immediately.

Immediate Actions:

  1. Patch: Upgrade your FastGPT installation to version 4.14.9.5 or higher without delay.
  2. Investigate: Review authentication logs for any unusual password change activity, especially from unexpected locations or times.
  3. Response: If compromise is suspected, follow your incident response plan. This should include revoking potentially affected user sessions and forcing password resets.
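Step 2 asks for a review of authentication logs. As an added example that is not part of the advisory and not a FastGPT tool, the following Node.js script applies three simple heuristics to constructed JSON log lines: a password change from an IP that differs from the user's most recent login, a change outside a business-hours window, and a second change for the same user within a short burst window. The field names (`ts`, `event`, `userId`, `ip`), the event names (`login`, `password_change`), the 08:00 to 18:00 UTC window and the 10-minute burst window are all assumptions; adjust them to the log format and working hours of the deployment.

```javascript
// Added example, not FastGPT's code: flag password-change events that match
// the "unusual location or time" heuristics an incident reviewer would start with.
const BUSINESS_HOURS_UTC = { start: 8, end: 18 }; // assumed working window
const BURST_WINDOW_MS = 10 * 60 * 1000;          // assumed: two changes within 10 min is odd

// Constructed sample log (one JSON object per line); field and event names are assumed.
const SAMPLE_LOG = [
  '{"ts":"2026-04-02T09:00:00Z","event":"login","userId":"u1","ip":"10.0.0.5"}',
  '{"ts":"2026-04-02T10:15:00Z","event":"password_change","userId":"u1","ip":"10.0.0.5"}',
  '{"ts":"2026-04-02T02:30:00Z","event":"login","userId":"u2","ip":"10.0.0.7"}',
  '{"ts":"2026-04-02T03:40:00Z","event":"password_change","userId":"u2","ip":"203.0.113.9"}',
  '{"ts":"2026-04-02T11:00:00Z","event":"login","userId":"u3","ip":"10.0.0.8"}',
  '{"ts":"2026-04-02T11:05:00Z","event":"password_change","userId":"u3","ip":"10.0.0.8"}',
  '{"ts":"2026-04-02T11:06:00Z","event":"password_change","userId":"u3","ip":"10.0.0.8"}',
  "this line is not JSON and is skipped",
].join("\n");

// Parse line-delimited JSON, dropping lines that are malformed or lack the
// fields the heuristics need, and return events in timestamp order.
function parseLines(text) {
  const events = [];
  let skipped = 0;
  for (const line of text.split("\n")) {
    if (!line.trim()) continue;
    try {
      const e = JSON.parse(line);
      if (e.ts && e.event && e.userId) events.push(e);
      else skipped++;
    } catch (err) {
      skipped++;
    }
  }
  events.sort((a, b) => Date.parse(a.ts) - Date.parse(b.ts));
  return { events, skipped };
}

// Walk the events once, remembering each user's last login IP and last
// password change, and emit a finding for every change that trips a rule.
function reviewPasswordChanges(text) {
  const { events, skipped } = parseLines(text);
  const lastLoginIp = new Map();
  const lastChangeTs = new Map();
  const findings = [];
  for (const e of events) {
    const t = Date.parse(e.ts);
    if (e.event === "login") {
      lastLoginIp.set(e.userId, e.ip);
      continue;
    }
    if (e.event !== "password_change") continue;
    const reasons = [];
    if (lastLoginIp.get(e.userId) !== e.ip) reasons.push("ip_differs_from_last_login");
    const hour = new Date(t).getUTCHours();
    if (hour < BUSINESS_HOURS_UTC.start || hour >= BUSINESS_HOURS_UTC.end) reasons.push("off_hours");
    const prev = lastChangeTs.get(e.userId);
    if (prev !== undefined && t - prev < BURST_WINDOW_MS) reasons.push("repeated_change");
    lastChangeTs.set(e.userId, t);
    if (reasons.length) findings.push({ userId: e.userId, ts: e.ts, ip: e.ip, reasons });
  }
  return { findings, skipped };
}

// Stand-alone run: print the findings for the constructed sample.
console.log(JSON.stringify(reviewPasswordChanges(SAMPLE_LOG), null, 2));
```

On the sample, `u2` is flagged for both an IP mismatch and an off-hours change, and the second `u3` change is flagged as a repeat; `u1` is clean. A real review would feed the script the platform's own authentication log and tune the windows, but the structure (correlate each change with the session that preceded it, then look at timing) carries over.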

Security Insight

This vulnerability highlights the persistent risk of injection attacks extending beyond traditional SQL databases into NoSQL systems like MongoDB. It serves as a critical reminder that input validation and parameterized queries are non-negotiable security practices for all data interaction layers, not just relational ones. Similar oversights in user credential management functions have been a common root cause in past breaches, underlining the need for rigorous security testing of authentication and authorization flows.
