Black & White Path

May 12, 2026 · Information Security

How FastGPT’s NoSQL Injection (CVE‑2026‑40351) Enables Admin Login Bypass – A Deep Dive

The FastGPT AI Agent platform suffers a critical NoSQL injection (CVE‑2026‑40351) that lets attackers bypass authentication by injecting MongoDB operators into the password field, granting admin or root access, and the article details the flaw, its impact, proof‑of‑concept, and mitigation steps.