


Perceptive Security
SOC/SIEM Consultancy

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacke…
Published:
16 April 2026 at 22:00:00
Alert date:
17 April 2026 at 23:02:26
Source:
nvd.nist.gov
Web Technologies, Database & Storage, Identity & Access
FastGPT, an AI agent building platform, contains a critical NoSQL injection vulnerability in versions prior to 4.14.9.5. The password change endpoint accepts MongoDB query operators in the old-password field, so an authenticated attacker can satisfy the old-password verification without knowing the current password. This lets a low-privileged user change a password at will, leading to full account takeover, and combined with ID manipulation it can be aimed at other user accounts. For an attacker who already holds low-privileged access, the issue provides persistence and complete account compromise.
Technical details
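To show the pattern the advisory describes, here is an added example in TypeScript; it is not FastGPT's code and does not reproduce the patched endpoint. It assumes a handler that builds a findOne filter directly from the request body and a client that submits the password in its stored (hashed) form; the in-memory collection, the pwHash helper, the tiny filter matcher and the user records are all constructed for the demo. The hardened handler shows the three checks that close the hole: take the account from the session rather than the body, reject any non-string password value, and compare the old password in application code instead of inside the query.

```typescript
import { createHash, timingSafeEqual } from "crypto";

// Toy password hash standing in for the real scheme (an assumption of this
// example). The injection does not depend on the hash; it depends on the raw
// body value reaching the query unchanged.
function pwHash(s: string): string {
  return createHash("sha256").update(s).digest("hex");
}

type UserDoc = { _id: string; password: string };

// Constructed in-memory collection used instead of MongoDB so the demo runs offline.
function makeStore(): UserDoc[] {
  return [
    { _id: "u1", password: pwHash("correct-horse") },
    { _id: "u2", password: pwHash("battery-staple") },
  ];
}

// Minimal imitation of MongoDB filter semantics: plain equality, or an operator
// object ({$ne, $gt, $regex}) applied to the field. This is why an attacker-
// supplied object behaves differently from an attacker-supplied string.
function fieldMatches(actual: unknown, expected: unknown): boolean {
  if (expected !== null && typeof expected === "object" && !Array.isArray(expected)) {
    return Object.entries(expected as Record<string, unknown>).every(([op, v]) => {
      switch (op) {
        case "$ne": return actual !== v;
        case "$gt": return typeof actual === "string" && typeof v === "string" && actual > v;
        case "$regex": return typeof actual === "string" && new RegExp(String(v)).test(actual);
        default: return false; // unsupported operator: no match
      }
    });
  }
  return actual === expected;
}

function findOne(users: UserDoc[], filter: Record<string, unknown>): UserDoc | undefined {
  return users.find(doc =>
    Object.entries(filter).every(([k, v]) => fieldMatches(doc[k as keyof UserDoc], v)));
}

// Request body as parsed from JSON: any field may be a string, object, array, etc.
type ChangeReq = { userId?: unknown; oldPsw?: unknown; newPsw?: unknown };

// Vulnerable pattern (hypothetical, not FastGPT's code): the body value goes
// straight into the filter, so { "$ne": "" } satisfies the password term for any
// user, and a body-supplied userId selects the victim account.
function changePasswordVulnerable(users: UserDoc[], req: ChangeReq): boolean {
  const user = findOne(users, { _id: req.userId, password: req.oldPsw });
  if (!user) return false;
  user.password = String(req.newPsw);
  return true;
}

// Hardened pattern: the account comes from the session, both passwords must be
// strings, and the old password is compared in application code (constant
// time), never inside the query.
function changePasswordHardened(users: UserDoc[], sessionUserId: string, req: ChangeReq): boolean {
  const { oldPsw, newPsw } = req;
  if (typeof oldPsw !== "string" || typeof newPsw !== "string") return false;
  const user = findOne(users, { _id: sessionUserId });
  if (!user) return false;
  const stored = Buffer.from(user.password);
  const given = Buffer.from(oldPsw);
  if (stored.length !== given.length || !timingSafeEqual(stored, given)) return false;
  user.password = newPsw;
  return true;
}

// Runs both handlers against a legitimate request and an operator-injection
// request (the client is assumed to send passwords already in stored form).
function demo() {
  const vuln = makeStore();
  const hard = makeStore();
  const injected = { $ne: "" };
  return {
    legit: changePasswordVulnerable(vuln, { userId: "u1", oldPsw: pwHash("correct-horse"), newPsw: pwHash("new1") }),
    injected: changePasswordVulnerable(vuln, { userId: "u2", oldPsw: injected, newPsw: pwHash("owned") }),
    victimChanged: vuln[1].password === pwHash("owned"),
    hardenedInjected: changePasswordHardened(hard, "u1", { oldPsw: injected, newPsw: pwHash("owned") }),
    hardenedLegit: changePasswordHardened(hard, "u1", { oldPsw: pwHash("correct-horse"), newPsw: pwHash("new1") }),
  };
}
```

In a real Mongoose or MongoDB driver handler the same shape applies: validate the body against a schema that only admits strings before it touches a query, and keep the credential comparison out of the filter entirely.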
Mitigation steps:
Upgrade FastGPT to version 4.14.9.5 or later.
Affected products:
FastGPT
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-40352
https://github.com/labring/FastGPT/commit/bd966d479fbe414d02679cf79f9eaaab3d100a2d
https://github.com/labring/FastGPT/releases/tag/v4.14.9.5
https://github.com/labring/FastGPT/security/advisories/GHSA-422w-vrfj-72g6
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.
