PT-2026-33520 · Fastgpt · Fastgpt
August829
Published: 2026-04-17 · Updated: 2026-04-27
CVE-2026-40352
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FastGPT versions prior to 4.14.9.5
Description
The password change endpoint is susceptible to NoSQL injection: the value submitted as the old password reaches a MongoDB query, so an authenticated attacker can supply a query operator in its place and make the old-password condition match without knowing the current value. A user with a low-privileged session can therefore change account passwords without the current one, potentially leading to full account takeover and persistence.
Recommendations
Update to version 4.14.9.5 or later.
Affected Products
Fastgpt