The FastGPT AI platform has critical security vulnerabilities that allow attackers to bypass authentication and inject malicious queries into the database.

🚨 EUVD-2026-23557 📊 Score: 9.8/10 (CVSS v3.1) 📦 Product: FastGPT 🏢 Vendor: labring 📅 Updated: 2026-04-17 📝 FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23557 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23559 📊 Score: 8.8/10 (CVSS v3.1) 📦 Product: FastGPT 🏢 Vendor: labring 📅 Updated: 2026-04-17 📝 FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an ... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23559 #cybersecurity #infosec #euvd #cve #vulnerability