Q: Who is affected? (Versions/Components)

📦 **Affected**: labring FastGPT. 📉 **Versions**: All versions prior to **4.14.9.5**. 🏢 **Vendor**: labring (Open Source LLM Knowledge Base System).

Q: Is exploitation threshold high? (Auth/Config)

⚡ **Threshold**: LOW. 🚫 **Auth**: None required (Unauthenticated). 🌐 **Network**: Remote (AV:N). 🎯 **Complexity**: Low (AC:L). No user interaction needed (UI:N).

Q: Is there a public Exp? (PoC/Wild Exploitation)

📜 **Public Exp?**: No specific PoC code provided in data. 🔍 **Status**: Advisory confirmed via GitHub Security Advisories (GHSA-x8mx-2mr7-h9xg). ⚠️ **Risk**: High likelihood of wild exploitation due to low complexity.

Q: How to self-check? (Features/Scanning)

🔍 **Check**: Scan for FastGPT instances. 📌 **Verify**: Check version number in UI or API response. 🛠️ **Tool**: Look for the specific login endpoint behavior if fuzzing. 🚩 **Flag**: Any version < 4.14.9.5 is vulnerable.

Q: Is it fixed officially? (Patch/Mitigation)

✅ **Fixed**: Yes. 📥 **Patch**: Upgrade to **FastGPT v4.14.9.5** or later. 🔗 **Source**: Official GitHub Release & Commit bd966d479fbe414d02679cf79f9eaaab3d100a2d.

Q: Is it urgent? (Priority Suggestion)

🔥 **Urgency**: CRITICAL. 📈 **CVSS**: 9.8 (High). 🚨 **Action**: Patch IMMEDIATELY. This is an unauthenticated remote code execution equivalent. Do not delay.

Question 1

What is this vulnerability? (Essence + Consequences)

Accepted Answer

🚨 **Essence**: FastGPT < 4.14.9.5 has a critical auth bypass. 💥 **Consequences**: Attackers can inject MongoDB operators via the password login endpoint.…

Question 2

Root Cause? (CWE/Flaw)

Accepted Answer

🛡️ **Root Cause**: CWE-943 (Improper Neutralization of Special Elements in Data). 🐛 **Flaw**: The login endpoint uses TypeScript type assertions without runtime checks.…

Question 3

Who is affected? (Versions/Components)

Accepted Answer

📦 **Affected**: labring FastGPT. 📉 **Versions**: All versions prior to **4.14.9.5**. 🏢 **Vendor**: labring (Open Source LLM Knowledge Base System).

Question 4

What can hackers do? (Privileges/Data)

Accepted Answer

🕵️ **Hackers Can**: Bypass authentication entirely. 📂 **Access**: Full read/write access to the MongoDB database.…

Question 5

Is exploitation threshold high? (Auth/Config)

Accepted Answer

⚡ **Threshold**: LOW. 🚫 **Auth**: None required (Unauthenticated). 🌐 **Network**: Remote (AV:N). 🎯 **Complexity**: Low (AC:L). No user interaction needed (UI:N).

Question 6

Is there a public Exp? (PoC/Wild Exploitation)

Accepted Answer

📜 **Public Exp?**: No specific PoC code provided in data. 🔍 **Status**: Advisory confirmed via GitHub Security Advisories (GHSA-x8mx-2mr7-h9xg). ⚠️ **Risk**: High likelihood of wild exploitation due to low complexity.

Question 7

How to self-check? (Features/Scanning)

Accepted Answer

🔍 **Check**: Scan for FastGPT instances. 📌 **Verify**: Check version number in UI or API response. 🛠️ **Tool**: Look for the specific login endpoint behavior if fuzzing. 🚩 **Flag**: Any version < 4.14.9.5 is vulnerable.

Question 8

Is it fixed officially? (Patch/Mitigation)

Accepted Answer

✅ **Fixed**: Yes. 📥 **Patch**: Upgrade to **FastGPT v4.14.9.5** or later. 🔗 **Source**: Official GitHub Release & Commit bd966d479fbe414d02679cf79f9eaaab3d100a2d.

Question 9

What if no patch? (Workaround)

Accepted Answer

🚧 **No Patch?**: Implement strict input validation on the login endpoint. 🛑 **Mitigate**: Block direct MongoDB query operator injection patterns. 📉 **Limit**: Restrict network access to the login API if possible.…

Question 10

Is it urgent? (Priority Suggestion)

Accepted Answer

🔥 **Urgency**: CRITICAL. 📈 **CVSS**: 9.8 (High). 🚨 **Action**: Patch IMMEDIATELY. This is an unauthenticated remote code execution equivalent. Do not delay.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-40351 — AI Deep Analysis Summary

Q1What is this vulnerability? (Essence + Consequences)

Q2Root Cause? (CWE/Flaw)

Q3Who is affected? (Versions/Components)

Q4What can hackers do? (Privileges/Data)

Q5Is exploitation threshold high? (Auth/Config)

Q6Is there a public Exp? (PoC/Wild Exploitation)

Q7How to self-check? (Features/Scanning)

Q8Is it fixed officially? (Patch/Mitigation)

Q9What if no patch? (Workaround)

Q10Is it urgent? (Priority Suggestion)

Continue exploring