CVE-2026-40352 Overview
CVE-2026-40352 is a NoSQL injection vulnerability affecting FastGPT, an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection attacks. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators, allowing unauthorized password changes without knowing the current password.
Critical Impact
This vulnerability enables full account takeover and persistence. An attacker with low-privileged session access can change account passwords without authentication, potentially compromising the entire FastGPT deployment and any connected AI agents or sensitive data.
Affected Products
- FastGPT versions prior to 4.14.9.5
- FastGPT AI Agent building platform (self-hosted deployments)
- FastGPT instances with MongoDB backend
Discovery Timeline
- 2026-04-17 - CVE-2026-40352 published to NVD
- 2026-04-20 - Last updated in NVD database
Technical Details for CVE-2026-40352
Vulnerability Analysis
This vulnerability represents a classic NoSQL injection attack pattern targeting MongoDB-backed applications. The password change functionality in FastGPT fails to properly sanitize user input before constructing MongoDB queries. When a user attempts to change their password, the application accepts the "old password" parameter and uses it directly in a query to verify the user's identity. An attacker can exploit this by injecting MongoDB query operators such as $ne (not equal), $gt (greater than), or $regex to manipulate the query logic and bypass the password verification entirely.
The vulnerability is classified under CWE-943 (Improper Neutralization of Special Elements in Data Query Logic), which specifically addresses injection flaws in NoSQL databases. Unlike traditional SQL injection, NoSQL injection exploits the JSON-based query structure of databases like MongoDB.
Root Cause
The root cause is improper input validation and sanitization in the password change endpoint. The application directly incorporates user-supplied data into MongoDB queries without checking for or escaping special query operators. This allows attackers to modify the intended query logic by passing objects with MongoDB operators instead of simple string values.
For example, instead of passing a string for the old password field, an attacker can pass a JSON object like {"$ne": ""} which effectively tells MongoDB to match any password that is "not equal to empty string" - which would match any valid password.
Attack Vector
The attack requires network access and a low-privileged authenticated session. The attacker sends a crafted request to the password change endpoint with MongoDB query operators embedded in the old password field. This bypasses the verification check and allows setting a new password of the attacker's choosing. If combined with ID manipulation, this could potentially allow changing passwords of other accounts, leading to widespread account compromise.
The following code shows part of the security patch applied in the fix:
export type localeType = `${LangEnum}`;
export const LocaleList = ['en', 'zh-CN', 'zh-Hant'] as const;
+export const LanguageSchema = z.enum(LocaleList).meta({ description: '用户语言偏好' });
export const langMap = {
[LangEnum.en]: {
label: 'English(US)',
Source: GitHub Commit
The patch introduces schema validation using Zod to enforce strict typing on user inputs, preventing the injection of arbitrary objects containing MongoDB operators.
Detection Methods for CVE-2026-40352
Indicators of Compromise
- Unusual password change requests containing JSON objects or special characters like $ne, $gt, $regex, $exists in authentication fields
- Multiple failed authentication attempts followed by successful password changes without valid credentials
- Audit logs showing password modifications where the old password verification appears to have been bypassed
- Unexpected account lockouts or password reset notifications reported by legitimate users
Detection Strategies
- Implement Web Application Firewall (WAF) rules to detect MongoDB operators in request parameters, specifically looking for patterns like {"$ne":, {"$gt":, and {"$regex":
- Monitor application logs for password change requests with non-string values in the old password field
- Deploy runtime application self-protection (RASP) solutions that can detect NoSQL injection attempts at the application layer
- Implement anomaly detection for authentication-related API endpoints to identify unusual request patterns
Monitoring Recommendations
- Enable detailed logging on the password change endpoint to capture full request payloads for forensic analysis
- Set up alerts for any password change activity that doesn't follow expected user behavior patterns
- Monitor MongoDB query logs for unexpected query structures or operators in authentication-related collections
- Implement user behavior analytics to detect account takeover attempts based on post-compromise activities
How to Mitigate CVE-2026-40352
Immediate Actions Required
- Upgrade FastGPT to version 4.14.9.5 or later immediately
- Audit recent password change activities for any suspicious modifications
- Force password resets for all user accounts if compromise is suspected
- Review and revoke any suspicious sessions or API tokens
- Enable multi-factor authentication (MFA) if available to add an additional layer of protection
Patch Information
The vulnerability has been patched in FastGPT version 4.14.9.5. The fix implements proper input validation using schema validation (Zod) to ensure that authentication parameters are strictly typed as strings and cannot contain MongoDB query operators. Organizations should upgrade immediately by following the official release notes available at the FastGPT GitHub Releases page. Additional details about the security fix can be found in the GitHub Security Advisory.
Workarounds
- Implement input validation at the reverse proxy or WAF level to reject requests containing MongoDB operators in authentication fields
- Deploy network segmentation to limit access to the FastGPT application from untrusted networks
- Monitor and rate-limit password change requests to detect and block potential exploitation attempts
- Consider temporarily disabling the password change functionality until the patch can be applied if immediate upgrade is not possible
# Example WAF rule to block MongoDB operators in request body (ModSecurity format)
SecRule REQUEST_BODY "@rx \{\s*\"\$(ne|gt|lt|gte|lte|eq|regex|exists|in|nin)" \
"id:100001,phase:2,deny,status:403,msg:'Potential NoSQL Injection Detected'"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
