Skip to main content
A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Find Out Why
CVE Vulnerability Database
Vulnerability Database/CVE-2026-40351

CVE-2026-40351: FastGPT Auth Bypass Vulnerability

CVE-2026-40351 is an authentication bypass flaw in FastGPT AI Agent platform that exploits NoSQL injection to bypass password checks and gain unauthorized admin access. This article covers technical details, versions, impact, and patches.

Published:

CVE-2026-40351 Overview

CVE-2026-40351 is a critical NoSQL injection vulnerability in FastGPT, an AI Agent building platform. The vulnerability exists in versions prior to 4.14.9.5 where the password-based login endpoint uses TypeScript type assertion without runtime validation. This allows an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field, effectively bypassing the password check and enabling login as any user, including the root administrator.

Critical Impact

Unauthenticated attackers can bypass authentication and gain access to any user account, including administrator accounts, through NoSQL injection in the login endpoint.

Affected Products

  • FastGPT versions prior to 4.14.9.5
  • FastGPT AI Agent building platform with password-based authentication enabled
  • Self-hosted FastGPT deployments using MongoDB backend

Discovery Timeline

  • April 17, 2026 - CVE-2026-40351 published to NVD
  • April 20, 2026 - Last updated in NVD database

Technical Details for CVE-2026-40351

Vulnerability Analysis

This vulnerability (CWE-943: Improper Neutralization of Special Elements in Data Query Logic) arises from improper input validation in FastGPT's password-based authentication mechanism. The application uses TypeScript type assertions to handle login credentials, but these assertions only provide compile-time type checking—not runtime validation. When a user submits login credentials, the application directly uses the password field in a MongoDB query without sanitizing or validating its structure.

MongoDB supports query operators like $ne (not equal), $gt (greater than), and $regex for flexible querying. When an attacker passes {"$ne": ""} as the password field instead of a string, MongoDB interprets this as "password is not equal to empty string"—a condition that matches any non-empty password. This transforms the intended equality check into a trivially satisfiable condition.

Root Cause

The root cause is the absence of runtime type validation for user-supplied input in the authentication flow. TypeScript's type system operates at compile time and does not enforce types at runtime. When the application receives JSON input from an HTTP request, TypeScript has no mechanism to verify that the password field is actually a string rather than an object. The fix in version 4.14.9.5 introduces proper schema validation using Zod, as evidenced by the addition of LanguageSchema with z.enum() validation in the codebase, indicating a broader effort to add runtime validation across the application.

Attack Vector

The attack can be executed remotely over the network without any prior authentication. An attacker constructs a malicious HTTP POST request to the login endpoint with the username of a target account and a MongoDB query operator object as the password. The attack requires:

  1. Network access to the FastGPT login endpoint
  2. Knowledge of a valid username (e.g., "root" or "admin" for administrator access)
  3. No user interaction or special privileges
json
// Example malicious login payload
{
  "username": "root",
  "password": {"$ne": ""}
}

This payload causes the MongoDB query to match any user where the password is not empty, effectively bypassing authentication.

Detection Methods for CVE-2026-40351

Indicators of Compromise

  • Authentication log entries showing successful logins for privileged accounts from unexpected IP addresses or locations
  • HTTP POST requests to login endpoints containing JSON objects with MongoDB operators ($ne, $gt, $regex, $exists) in credential fields
  • Unusual administrative actions or data access following suspicious authentication events
  • Multiple successful logins for the same account from different geographic locations in a short timeframe

Detection Strategies

  • Implement Web Application Firewall (WAF) rules to detect and block requests containing MongoDB query operators in JSON payloads targeting authentication endpoints
  • Deploy application-level logging that captures the structure of authentication request payloads, flagging non-string values in password fields
  • Configure SIEM alerts for authentication anomalies, including successful logins from new IP addresses for privileged accounts
  • Monitor MongoDB query logs for authentication queries containing operator syntax rather than direct value comparisons

Monitoring Recommendations

  • Enable detailed access logging on all FastGPT authentication endpoints with full request body capture (ensure secure handling of captured credentials)
  • Implement real-time alerting for any successful authentication events associated with administrator or root accounts
  • Establish baseline authentication patterns and configure anomaly detection for deviations in login frequency, timing, or source locations
  • Review authentication logs regularly for patterns indicative of credential stuffing or injection attacks

How to Mitigate CVE-2026-40351

Immediate Actions Required

  • Upgrade FastGPT to version 4.14.9.5 or later immediately to apply the security fix
  • Audit authentication logs for any signs of exploitation or unauthorized access to privileged accounts
  • Rotate credentials for all user accounts, particularly administrator and root accounts, as a precautionary measure
  • Implement network-level access controls to restrict access to the FastGPT login endpoint from trusted IP ranges only

Patch Information

The vulnerability has been addressed in FastGPT version 4.14.9.5. The security fix adds runtime input validation using Zod schema validation to ensure that credential fields are properly typed strings before being used in database queries. Organizations should update by pulling the latest release from the official GitHub repository. The specific commit addressing this issue is available in the GitHub Commit Log. Additional details can be found in the GitHub Security Advisory GHSA-x8mx-2mr7-h9xg.

Workarounds

  • Deploy a reverse proxy or WAF in front of FastGPT configured to reject any authentication requests where the password field is not a string type
  • Implement application-level input validation middleware that sanitizes and validates all incoming JSON payloads before they reach the authentication logic
  • Temporarily restrict network access to the FastGPT instance to trusted internal networks only until the patch can be applied
  • Consider disabling password-based authentication temporarily if alternative authentication methods are available
bash
# Example nginx configuration to block NoSQL injection patterns
location /api/login {
    # Block requests containing MongoDB operators in body
    if ($request_body ~* "(\$ne|\$gt|\$lt|\$gte|\$lte|\$regex|\$exists|\$or|\$and)") {
        return 403;
    }
    proxy_pass http://fastgpt_backend;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne