Patches critical auth bypass in FastGPT password login
TL;DR — FastGPT’s password-based login can be bypassed via NoSQL injection by sending a MongoDB operator object as the password, enabling unauthenticated login as arbitrary users (including root).
What happened
FastGPT is an AI agent building platform that includes a server-side API for user authentication and management.
CVE-2026-40351 is a Critical (CVSS 3.1 9.8) authentication bypass caused by NoSQL injection in the password-based login flow. Per the GitHub advisory referenced by the CVE record, the login handler uses TypeScript type assertions without runtime type validation, allowing an attacker to submit a MongoDB query operator object for the password field (for example, {"$ne":""}) and bypass the password check.
The advisory’s PoC targets the endpoint POST /api/support/user/account/loginByPassword, demonstrating that a crafted JSON body can cause the database query to match without a valid password, enabling login as any account (including the root administrator).
Why it matters: an auth bypass in a self-hosted, admin-capable platform is an immediate platform-takeover risk, since the attacker needs no credentials at all. The root cause is a recurring one in TypeScript services: a type assertion such as `body as { password: string }` is erased at compile time and guarantees nothing at runtime, so a JSON object can flow straight into a MongoDB query object unless the handler validates the body's shape itself.
Who is impacted
- Self-hosted FastGPT deployments running versions prior to 4.14.9.5 (per the CVE record and GitHub advisory).
- Any deployment exposing the password login endpoint where attacker-controlled JSON is used to build MongoDB queries.
| Component | Affected versions (per advisory/CVE record) | Patched versions (per advisory/CVE record) |
|---|---|---|
| FastGPT | < 4.14.9.5 | 4.14.9.5 |
Note: the GitHub advisory page also lists “Affected Versions: <= 4.14.8.3” in its vulnerability information section while separately listing affected as < 4.14.9.5; treat < 4.14.9.5 as the broadest stated impacted range.
What to do now
- Follow vendor remediation guidance and upgrade to the patched release listed in the advisory/CVE record (4.14.9.5).
- Treat this as potential account compromise risk: review auth logs for suspicious logins to privileged users (especially root) and rotate secrets accessible to the FastGPT service if suspicious activity is found. Because the bypass succeeds on the first request, do not rely on failed-login noise as an indicator; look instead for successful logins to privileged accounts from unexpected sources or at unexpected times.
- If you maintain or fork FastGPT, implement strict runtime validation for request bodies before they reach database query construction.
"Use a schema validation library like Zod to enforce that the input is strictly a string"
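The following is an added illustration, written for this page and not taken from FastGPT or the advisory, of both points above: why a MongoDB operator object in the `password` field satisfies the query, and how a runtime shape check stops it before the query is built. The user records, the tiny in-memory `findOne` matcher (which implements only the `$ne` semantics needed here), and the handler names `loginVulnerable`, `loginHardened` and `parseLoginBody` are all constructed for the example; the hand-written type guard stands in for a schema library such as Zod, so the block runs with no dependencies.

```typescript
// Added example (not FastGPT's code): NoSQL injection via a type assertion,
// and the runtime-validation fix. Names and data below are constructed.

type UserDoc = { username: string; password: string; role: string };

// Constructed stand-in for a MongoDB users collection. In a real system the
// password field would hold a hash; the matching semantics are the same.
const users: UserDoc[] = [
  { username: "root", password: "hash-of-root-pw", role: "admin" },
  { username: "alice", password: "hash-of-alice-pw", role: "member" },
];

type Filter = Record<string, unknown>;

// Minimal subset of MongoDB field matching: a plain value means equality,
// an object means operator(s). Only $ne, $gt and $regex are modelled.
function matchesField(value: unknown, cond: unknown): boolean {
  if (cond !== null && typeof cond === "object" && !Array.isArray(cond)) {
    return Object.entries(cond as Record<string, unknown>).every(([op, arg]) => {
      switch (op) {
        case "$ne":
          return value !== arg;
        case "$gt":
          return typeof value === "string" && typeof arg === "string" && value > arg;
        case "$regex":
          return typeof value === "string" && new RegExp(String(arg)).test(value);
        default:
          return false; // unsupported operator in this toy: no match
      }
    });
  }
  return value === cond;
}

// Toy equivalent of collection.findOne(filter).
function findOne(coll: UserDoc[], filter: Filter): UserDoc | null {
  const hit = coll.find((doc) =>
    Object.entries(filter).every(([field, cond]) =>
      matchesField((doc as Record<string, unknown>)[field], cond)
    )
  );
  return hit ?? null;
}

// Vulnerable pattern: the assertion is erased at compile time, so `password`
// may be any JSON value, including {"$ne": ""}, and flows into the filter.
function loginVulnerable(body: unknown): UserDoc | null {
  const { username, password } = body as { username: string; password: string };
  return findOne(users, { username, password });
}

// Hardened pattern: check the body's shape at runtime before touching the
// query. With Zod this would be
//   z.object({ username: z.string(), password: z.string() }).strict().parse(body)
function parseLoginBody(body: unknown): { username: string; password: string } {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    throw new Error("invalid request body");
  }
  const b = body as Record<string, unknown>;
  if (typeof b.username !== "string" || typeof b.password !== "string") {
    throw new Error("username and password must be strings");
  }
  return { username: b.username, password: b.password };
}

function loginHardened(body: unknown): UserDoc | null {
  const { username, password } = parseLoginBody(body);
  return findOne(users, { username, password });
}

// Constructed attacker payload of the kind the advisory describes.
const injectedBody: unknown = JSON.parse('{"username":"root","password":{"$ne":""}}');

// Helper for the reader: does the hardened handler reject the payload?
function hardenedRejects(body: unknown): boolean {
  try {
    loginHardened(body);
    return false;
  } catch {
    return true;
  }
}
```

Rejecting non-string fields at the boundary is the fix that removes the bug class; treating the password as opaque bytes to hash before the query is a second, independent line of defence, as is a driver-level filter sanitiser where the ORM offers one (Mongoose exposes a `sanitizeFilter` option that wraps operator objects so they are compared literally).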
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
