Tag
critical
advisory
FastGPT NoSQL Injection Vulnerability (CVE-2026-40351)
2 rules 1 TTP 1 CVEFastGPT versions before 4.14.9.5 are vulnerable to NoSQL injection, allowing unauthenticated attackers to bypass authentication and gain administrative access.
NoSQL injection
authentication bypass
CVE-2026-40351
FastGPT
2r
1t
1c
high
advisory
FastGPT NoSQL Injection Vulnerability in Password Change Endpoint
2 rules 2 TTPs 1 CVEFastGPT versions prior to 4.14.9.5 are vulnerable to NoSQL injection in the password change endpoint, allowing authenticated attackers to bypass password verification and perform account takeover.
nosql-injection
account-takeover
cve
fastgpt
privilege-escalation
2r
2t
1c
critical
advisory
Critical Vulnerability in FastGPT Allows API Key Exfiltration and Internal Network Access
2 rules 3 TTPs 1 CVE 1 IOCCVE-2026-34162 in FastGPT allows unauthenticated attackers to exfiltrate API keys and gain complete access to internal services managed by Docker Compose by sending arbitrary HTTP requests, leading to potential compromise of the internal network.
fastgpt
vulnerability
information-disclosure
2r
3t
1c
1i