CVE-2026-40352: FastGPT Auth Bypass Vulnerability

CVE-2026-40352 Overview

CVE-2026-40352 is a NoSQL injection vulnerability affecting FastGPT, an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection attacks. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators, allowing unauthorized password changes without knowing the current password.

Critical Impact

This vulnerability enables full account takeover and persistence. An attacker with low-privileged session access can change account passwords without authentication, potentially compromising the entire FastGPT deployment and any connected AI agents or sensitive data.

Affected Products

• FastGPT versions prior to 4.14.9.5
• FastGPT AI Agent building platform (self-hosted deployments)
• FastGPT instances with MongoDB backend

Discovery Timeline

• 2026-04-17 - CVE-2026-40352 published to NVD
• 2026-04-20 - Last updated in NVD database

Technical Details for CVE-2026-40352

Vulnerability Analysis

This vulnerability represents a classic NoSQL injection attack pattern targeting MongoDB-backed applications. The password change functionality in FastGPT fails to properly sanitize user input before constructing MongoDB queries. When a user attempts to change their password, the application accepts the "old password" parameter and uses it directly in a query to verify the user's identity. An attacker can exploit this by injecting MongoDB query operators such as $ne (not equal), $gt (greater than), or $regex to manipulate the query logic and bypass the password verification entirely.

The vulnerability is classified under CWE-943 (Improper Neutralization of Special Elements in Data Query Logic), which specifically addresses injection flaws in NoSQL databases. Unlike traditional SQL injection, NoSQL injection exploits the JSON-based query structure of databases like MongoDB.

Root Cause

The root cause is improper input validation and sanitization in the password change endpoint. The application directly incorporates user-supplied data into MongoDB queries without checking for or escaping special query operators. This allows attackers to modify the intended query logic by passing objects with MongoDB operators instead of simple string values.

For example, instead of passing a string for the old password field, an attacker can pass a JSON object like {"$ne": ""} which effectively tells MongoDB to match any password that is "not equal to empty string" - which would match any valid password.

Attack Vector

The attack requires network access and a low-privileged authenticated session. The attacker sends a crafted request to the password change endpoint with MongoDB query operators embedded in the old password field. This bypasses the verification check and allows setting a new password of the attacker's choosing. If combined with ID manipulation, this could potentially allow changing passwords of other accounts, leading to widespread account compromise.

The following code shows part of the security patch applied in the fix:

export type localeType = `${LangEnum}`;
export const LocaleList = ['en', 'zh-CN', 'zh-Hant'] as const;

+export const LanguageSchema = z.enum(LocaleList).meta({ description: '用户语言偏好' });

export const langMap = {
  [LangEnum.en]: {
    label: 'English(US)',

Source: GitHub Commit

The patch introduces schema validation using Zod to enforce strict typing on user inputs, preventing the injection of arbitrary objects containing MongoDB operators.

Detection Methods for CVE-2026-40352

Indicators of Compromise

• Unusual password change requests containing JSON objects or special characters like $ne, $gt, $regex, $exists in authentication fields
• Multiple failed authentication attempts followed by successful password changes without valid credentials
• Audit logs showing password modifications where the old password verification appears to have been bypassed
• Unexpected account lockouts or password reset notifications reported by legitimate users

Detection Strategies

• Implement Web Application Firewall (WAF) rules to detect MongoDB operators in request parameters, specifically looking for patterns like {"$ne":, {"$gt":, and {"$regex":
• Monitor application logs for password change requests with non-string values in the old password field
• Deploy runtime application self-protection (RASP) solutions that can detect NoSQL injection attempts at the application layer
• Implement anomaly detection for authentication-related API endpoints to identify unusual request patterns

Monitoring Recommendations

• Enable detailed logging on the password change endpoint to capture full request payloads for forensic analysis
• Set up alerts for any password change activity that doesn't follow expected user behavior patterns
• Monitor MongoDB query logs for unexpected query structures or operators in authentication-related collections
• Implement user behavior analytics to detect account takeover attempts based on post-compromise activities

How to Mitigate CVE-2026-40352

Immediate Actions Required

• Upgrade FastGPT to version 4.14.9.5 or later immediately
• Audit recent password change activities for any suspicious modifications
• Force password resets for all user accounts if compromise is suspected
• Review and revoke any suspicious sessions or API tokens
• Enable multi-factor authentication (MFA) if available to add an additional layer of protection

Patch Information

The vulnerability has been patched in FastGPT version 4.14.9.5. The fix implements proper input validation using schema validation (Zod) to ensure that authentication parameters are strictly typed as strings and cannot contain MongoDB query operators. Organizations should upgrade immediately by following the official release notes available at the FastGPT GitHub Releases page. Additional details about the security fix can be found in the GitHub Security Advisory.

Workarounds

• Implement input validation at the reverse proxy or WAF level to reject requests containing MongoDB operators in authentication fields
• Deploy network segmentation to limit access to the FastGPT application from untrusted networks
• Monitor and rate-limit password change requests to detect and block potential exploitation attempts
• Consider temporarily disabling the password change functionality until the patch can be applied if immediate upgrade is not possible

# Example WAF rule to block MongoDB operators in request body (ModSecurity format)
SecRule REQUEST_BODY "@rx \{\s*\"\$(ne|gt|lt|gte|lte|eq|regex|exists|in|nin)" \
    "id:100001,phase:2,deny,status:403,msg:'Potential NoSQL Injection Detected'"