Agents
FastGPT Agent Platform Hit with CVSS 9.8 NoSQL Injection Enabling Unauthenticated Admin Takeover
CVE-2026-40351 (CVSS 9.8) allows unauthenticated attackers to bypass password checks on FastGPT's login endpoint by passing a MongoDB query operator object as the password field, gaining root administrator access. A companion CVE-2026-40352 (High severity) enables authenticated attackers to change any account's password without knowing the current one via a second NoSQL injection in the password change endpoint. Both are fixed in FastGPT 4.14.9.5.
Source
↳ Follow the thread