CVE-2026-40351
Summary: CVE-2026-40351 affects FastGPT. In versions prior to 4.14.9.5, the password login endpoint uses TypeScript type assertions without runtime validation, allowing an unauthenticated attacker to provide a MongoDB query operator as the password (e.g., {"$ne": ""}), bypassing authentication an...