{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/fastgpt/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-40351"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["NoSQL injection","authentication bypass","CVE-2026-40351","FastGPT"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eFastGPT is an AI Agent building platform. Versions prior to 4.14.9.5 are susceptible to a critical NoSQL injection vulnerability (CVE-2026-40351) affecting the password-based login endpoint. The vulnerability stems from the use of TypeScript type assertion without runtime validation, enabling unauthenticated attackers to inject MongoDB query operators within the password field. This bypasses the intended password check, granting the attacker the ability to authenticate as any user, including the root administrator. Successful exploitation leads to complete control over the FastGPT instance and its associated data. This vulnerability was addressed in FastGPT version 4.14.9.5. 
All users of FastGPT versions prior to 4.14.9.5 are vulnerable to this attack.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a vulnerable FastGPT instance running a version prior to 4.14.9.5.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request to the password-based login endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the POST request body, the attacker places a MongoDB query operator object (e.g., \u003ccode\u003e{\u0026quot;$ne\u0026quot;: \u0026quot;\u0026quot;}\u003c/code\u003e) in the password field, bypassing the standard password check.\u003c/li\u003e\n\u003cli\u003eThe vulnerable FastGPT application processes the malicious request without proper validation.\u003c/li\u003e\n\u003cli\u003eThe MongoDB query operator is executed, bypassing the authentication mechanism.\u003c/li\u003e\n\u003cli\u003eThe attacker is granted unauthorized access to the FastGPT application, assuming the identity of an arbitrary user, including the root administrator.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages their administrative privileges to access sensitive data, modify configurations, or perform other malicious actions within the FastGPT instance.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40351 allows an unauthenticated attacker to gain complete control over a FastGPT instance. This can lead to unauthorized access to sensitive AI agent configurations, user data, and other critical information. The impact includes data breaches, service disruption, and potential compromise of downstream systems that rely on the FastGPT platform. 
Given the critical nature of AI agent building platforms, the compromise of a FastGPT instance can have far-reaching consequences.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade all FastGPT instances to version 4.14.9.5 or later to patch CVE-2026-40351.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect FastGPT NoSQL Injection Attempt\u003c/code\u003e to identify potential exploitation attempts targeting the login endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual POST requests to the login endpoint, specifically looking for MongoDB query operators within the password field as detected by rule \u003ccode\u003eDetect FastGPT NoSQL Injection Attempt\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eReview and restrict network access to the FastGPT instance to only authorized users and systems to minimize the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-18T12:00:00Z","date_published":"2026-04-18T12:00:00Z","id":"/briefs/2026-04-fastgpt-nosql-injection/","summary":"FastGPT versions before 4.14.9.5 are vulnerable to NoSQL injection, allowing unauthenticated attackers to bypass authentication and gain administrative access.","title":"FastGPT NoSQL Injection Vulnerability (CVE-2026-40351)","url":"https://feed.craftedsignal.io/briefs/2026-04-fastgpt-nosql-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-40352"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["nosql-injection","account-takeover","cve","fastgpt","privilege-escalation"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eFastGPT, an AI Agent building platform, is susceptible to a critical NoSQL injection vulnerability affecting versions before 4.14.9.5. 
The flaw resides within the password change endpoint, enabling an authenticated attacker to circumvent the necessary \u0026ldquo;old password\u0026rdquo; verification process. By injecting MongoDB query operators, an attacker with an existing, low-privileged session can manipulate password changes for their own account, or potentially other accounts if combined with ID manipulation techniques. This exploit leads to full account takeover, allowing attackers to maintain persistence and potentially compromise sensitive data. This vulnerability has been patched in version 4.14.9.5; users are urged to upgrade immediately.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial access to a FastGPT account with low privileges through legitimate means (e.g., registration or stolen credentials).\u003c/li\u003e\n\u003cli\u003eAttacker navigates to the password change endpoint within the FastGPT application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request to the password change endpoint, injecting MongoDB query operators into the \u0026ldquo;old password\u0026rdquo; field. 
An example payload is \u003ccode\u003e{$ne: \u0026quot;legitimate_old_password\u0026quot;}\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application\u0026rsquo;s backend improperly processes the injected query operators, failing to correctly validate the old password against the stored hash.\u003c/li\u003e\n\u003cli\u003eThe attacker provides a new password and confirms it within the crafted request.\u003c/li\u003e\n\u003cli\u003eThe FastGPT application updates the account\u0026rsquo;s password in the database, replacing the original password with the attacker-controlled value.\u003c/li\u003e\n\u003cli\u003eThe attacker logs out and logs back in using the newly set password, gaining full control of the compromised account.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the compromised account to access sensitive data, modify configurations, or perform other malicious activities within the FastGPT platform.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to take complete control of FastGPT accounts. The consequences range from unauthorized access to sensitive data and configurations to potential manipulation of AI agent behavior. This account takeover can lead to data breaches, service disruption, and reputational damage. While the specific number of victims is unknown, any FastGPT instance running a version prior to 4.14.9.5 is vulnerable, potentially affecting a wide range of users and organizations. 
The CVSS v3.1 base score of 8.8 highlights the severity of this issue.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade all FastGPT installations to version 4.14.9.5 or later to patch the NoSQL injection vulnerability (CVE-2026-40352).\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eDetect FastGPT Password Reset Bypass\u003c/code\u003e to detect potential exploitation attempts against the password change endpoint.\u003c/li\u003e\n\u003cli\u003eReview FastGPT webserver logs for unusual patterns or MongoDB query operators within requests to the password change endpoint to identify potential compromises.\u003c/li\u003e\n\u003cli\u003eEnable and review detailed webserver logging for FastGPT to increase visibility into HTTP requests.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T22:16:32Z","date_published":"2026-04-17T22:16:32Z","id":"/briefs/2026-04-fastgpt-nosql/","summary":"FastGPT versions prior to 4.14.9.5 are vulnerable to NoSQL injection in the password change endpoint, allowing authenticated attackers to bypass password verification and perform account takeover.","title":"FastGPT NoSQL Injection Vulnerability in Password Change Endpoint","url":"https://feed.craftedsignal.io/briefs/2026-04-fastgpt-nosql/"},{"_cs_actors":[],"_cs_cves":[{"cvss":10,"id":"CVE-2026-34162"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["fastgpt","vulnerability","information-disclosure"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-34162, has been identified in FastGPT, a framework for building AI-powered applications. The vulnerability resides in the HTTP tools testing endpoint, which is accessible without authentication. This allows an unauthenticated attacker to send arbitrary server-side HTTP requests and receive the responses. 
If the default admin token is not changed, an attacker can access the proxy management API to exfiltrate third-party API keys. Furthermore, the attacker can interact with and potentially exploit all Docker Compose internal services by manipulating HTTP headers. This issue was publicly disclosed on April 1, 2026, by CCB Belgium, who strongly recommends immediate patching. The vulnerability is patched in version 4.14.9.5. Successful exploitation can lead to complete control over the internal network and sensitive data exposure.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a vulnerable FastGPT instance exposed to the network.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses the FastGPT HTTP tools testing endpoint without authentication.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the endpoint to send arbitrary HTTP requests to the FastGPT server itself or internal services.\u003c/li\u003e\n\u003cli\u003eIf the default admin token is unchanged, the attacker uses the HTTP proxy functionality to access the proxy management API.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates third-party API keys stored within the FastGPT configuration.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the exfiltrated API keys to access external services, potentially causing further damage.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the HTTP proxy functionality, including custom headers, to interact with other Docker Compose internal services.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits vulnerabilities in these internal services, leading to complete access to the internal network and sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-34162 can lead to the complete compromise of the FastGPT server and the internal network it manages. 
An attacker can exfiltrate sensitive API keys, gain unauthorized access to internal services, and potentially pivot to other systems within the network. The vulnerability poses a high risk to the confidentiality and integrity of data, potentially impacting numerous organizations relying on FastGPT for their AI-powered applications. The CCB Belgium advisory highlights the potential for widespread impact given the nature of the vulnerability and the popularity of FastGPT.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch FastGPT instances to version 4.14.9.5 to remediate CVE-2026-34162 as per the vendor advisory.\u003c/li\u003e\n\u003cli\u003eImplement the remediations documented in the vendor advisory to strengthen the security of FastGPT instances.\u003c/li\u003e\n\u003cli\u003eScale up monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion, as recommended by the CCB.\u003c/li\u003e\n\u003cli\u003eInvestigate and report any suspected intrusions using the incident reporting URL found in the advisory (\u003ca href=\"https://ccb.belgium.be/report-incident\"\u003ehttps://ccb.belgium.be/report-incident\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T16:12:02Z","date_published":"2026-04-01T16:12:02Z","id":"/briefs/2026-04-fastgpt-vuln/","summary":"CVE-2026-34162 in FastGPT allows unauthenticated attackers to exfiltrate API keys and gain complete access to internal services managed by Docker Compose by sending arbitrary HTTP requests, leading to potential compromise of the internal network.","title":"Critical Vulnerability in FastGPT Allows API Key Exfiltration and Internal Network Access","url":"https://feed.craftedsignal.io/briefs/2026-04-fastgpt-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — FastGPT","version":"https://jsonfeed.org/version/1.1"}