CVE-2026-40351 Overview
CVE-2026-40351 is a critical NoSQL injection vulnerability in FastGPT, an AI Agent building platform. The vulnerability exists in versions prior to 4.14.9.5 where the password-based login endpoint uses TypeScript type assertion without runtime validation. This allows an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password field, effectively bypassing the password check and enabling login as any user, including the root administrator.
Critical Impact
Unauthenticated attackers can bypass authentication and gain access to any user account, including administrator accounts, through NoSQL injection in the login endpoint.
Affected Products
- FastGPT versions prior to 4.14.9.5
- FastGPT AI Agent building platform with password-based authentication enabled
- Self-hosted FastGPT deployments using MongoDB backend
Discovery Timeline
- April 17, 2026 - CVE-2026-40351 published to NVD
- April 20, 2026 - Last updated in NVD database
Technical Details for CVE-2026-40351
Vulnerability Analysis
This vulnerability (CWE-943: Improper Neutralization of Special Elements in Data Query Logic) arises from improper input validation in FastGPT's password-based authentication mechanism. The application uses TypeScript type assertions to handle login credentials, but these assertions only provide compile-time type checking—not runtime validation. When a user submits login credentials, the application directly uses the password field in a MongoDB query without sanitizing or validating its structure.
MongoDB supports query operators like $ne (not equal), $gt (greater than), and $regex for flexible querying. When an attacker passes {"$ne": ""} as the password field instead of a string, MongoDB interprets this as "password is not equal to empty string"—a condition that matches any non-empty password. This transforms the intended equality check into a trivially satisfiable condition.
Root Cause
The root cause is the absence of runtime type validation for user-supplied input in the authentication flow. TypeScript's type system operates at compile time and does not enforce types at runtime. When the application receives JSON input from an HTTP request, TypeScript has no mechanism to verify that the password field is actually a string rather than an object. The fix in version 4.14.9.5 introduces proper schema validation using Zod, as evidenced by the addition of LanguageSchema with z.enum() validation in the codebase, indicating a broader effort to add runtime validation across the application.
Attack Vector
The attack can be executed remotely over the network without any prior authentication. An attacker constructs a malicious HTTP POST request to the login endpoint with the username of a target account and a MongoDB query operator object as the password. The attack requires:
- Network access to the FastGPT login endpoint
- Knowledge of a valid username (e.g., "root" or "admin" for administrator access)
- No user interaction or special privileges
// Example malicious login payload
{
"username": "root",
"password": {"$ne": ""}
}
This payload causes the MongoDB query to match any user where the password is not empty, effectively bypassing authentication.
Detection Methods for CVE-2026-40351
Indicators of Compromise
- Authentication log entries showing successful logins for privileged accounts from unexpected IP addresses or locations
- HTTP POST requests to login endpoints containing JSON objects with MongoDB operators ($ne, $gt, $regex, $exists) in credential fields
- Unusual administrative actions or data access following suspicious authentication events
- Multiple successful logins for the same account from different geographic locations in a short timeframe
Detection Strategies
- Implement Web Application Firewall (WAF) rules to detect and block requests containing MongoDB query operators in JSON payloads targeting authentication endpoints
- Deploy application-level logging that captures the structure of authentication request payloads, flagging non-string values in password fields
- Configure SIEM alerts for authentication anomalies, including successful logins from new IP addresses for privileged accounts
- Monitor MongoDB query logs for authentication queries containing operator syntax rather than direct value comparisons
Monitoring Recommendations
- Enable detailed access logging on all FastGPT authentication endpoints with full request body capture (ensure secure handling of captured credentials)
- Implement real-time alerting for any successful authentication events associated with administrator or root accounts
- Establish baseline authentication patterns and configure anomaly detection for deviations in login frequency, timing, or source locations
- Review authentication logs regularly for patterns indicative of credential stuffing or injection attacks
How to Mitigate CVE-2026-40351
Immediate Actions Required
- Upgrade FastGPT to version 4.14.9.5 or later immediately to apply the security fix
- Audit authentication logs for any signs of exploitation or unauthorized access to privileged accounts
- Rotate credentials for all user accounts, particularly administrator and root accounts, as a precautionary measure
- Implement network-level access controls to restrict access to the FastGPT login endpoint from trusted IP ranges only
Patch Information
The vulnerability has been addressed in FastGPT version 4.14.9.5. The security fix adds runtime input validation using Zod schema validation to ensure that credential fields are properly typed strings before being used in database queries. Organizations should update by pulling the latest release from the official GitHub repository. The specific commit addressing this issue is available in the GitHub Commit Log. Additional details can be found in the GitHub Security Advisory GHSA-x8mx-2mr7-h9xg.
Workarounds
- Deploy a reverse proxy or WAF in front of FastGPT configured to reject any authentication requests where the password field is not a string type
- Implement application-level input validation middleware that sanitizes and validates all incoming JSON payloads before they reach the authentication logic
- Temporarily restrict network access to the FastGPT instance to trusted internal networks only until the patch can be applied
- Consider disabling password-based authentication temporarily if alternative authentication methods are available
# Example nginx configuration to block NoSQL injection patterns
location /api/login {
# Block requests containing MongoDB operators in body
if ($request_body ~* "(\$ne|\$gt|\$lt|\$gte|\$lte|\$regex|\$exists|\$or|\$and)") {
return 403;
}
proxy_pass http://fastgpt_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
