{"data":{"id":"72c2b370-b212-4444-9860-751cad71fb7a","title":"CVE-2026-40352: FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to N","summary":"FastGPT, an AI Agent building platform, has a vulnerability in its password change feature in versions before 4.14.9.5 where attackers can use NoSQL injection (inserting MongoDB operators into input fields to manipulate database queries) to bypass password verification and take over accounts without knowing the current password.","solution":"Update FastGPT to version 4.14.9.5 or later, where this issue has been fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40352","publishedAt":"2026-04-17T22:16:32.940Z","cveId":"CVE-2026-40352","cweIds":["CWE-943"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["FastGPT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-17T22:16:32.940Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}