Hallucination Attacks in Express with Mongodb
Hallucination Attacks in Express with Mongodb — how this specific combination creates or exposes the vulnerability
Hallucination attacks in an Express application using MongoDB typically occur when user-influenced input affects database operations in ways that cause the application to return fabricated or incorrect data. This can happen through unsafe query construction, missing validation, or improper handling of field names and values that change the meaning of queries.
Express does not introduce MongoDB-specific risks by itself, but its routing and middleware patterns can inadvertently allow tainted request data to directly shape MongoDB queries. For example, if route parameters or JSON body fields are used to construct query objects without strict allowlisting, an attacker can inject conditions that change result sets or bypass intended filters. Consider a route that builds a find filter from request query parameters:
const filter = {};
if (req.query.status) {
filter.status = req.query.status;
}
if (req.query.minScore) {
filter.score = { $gte: Number(req.query.minScore) };
}
const docs = await db.collection('items').find(filter).toArray();
An attacker supplying status[$ne]= or embedding nested operators can shift the filter semantics, potentially returning unintended documents or exposing data that should remain hidden. This data manipulation can be interpreted as hallucination when the response contains records the client did not expect or when expected records are absent due to altered matching logic.
Another vector arises when field names or projection keys are derived from user input. If an endpoint dynamically includes request-supplied keys in the projection, it may inadvertently reveal or suppress fields, distorting the returned document shape:
const projection = {};
if (req.query.fields) {
req.query.fields.split(',').forEach((f) => {
projection[f.trim()] = 1;
});
}
const docs = await db.collection('items').find({}, { projection }).toArray();
An attacker providing fields like __proto__, constructor, or sensitive attributes can distort the response or trigger unexpected behavior in the runtime environment. Because MongoDB operations are sensitive to the structure of the query and projection objects, these seemingly benign manipulations can produce inconsistent or misleading results, effectively hallucinating data that does not align with the intended business logic.
LLM/AI Security checks in middleBrick are relevant here because hallucination-style output can also stem from how an API exposes data to language models. If an API endpoint returns MongoDB-derived data that is then consumed by an LLM pipeline, inconsistencies or injected content can propagate into model outputs. middleBrick’s LLM/AI Security checks, including system prompt leakage detection and active prompt injection testing, help identify whether API data paths might contribute to unreliable downstream AI behavior.
Mongodb-Specific Remediation in Express — concrete code fixes
Remediation centers on strict input validation, allowlisting, and avoiding dynamic query assembly based on raw user input. Use a validation library to enforce expected shapes and types before constructing MongoDB queries.
Instead of building a filter from arbitrary query parameters, explicitly map allowed fields and operators. For example:
const allowedStatuses = ['active', 'inactive', 'pending'];
const filter = {};
if (req.query.status) {
if (!allowedStatuses.includes(req.query.status)) {
return res.status(400).json({ error: 'invalid status' });
}
filter.status = req.query.status;
}
if (req.query.minScore !== undefined) {
const min = Number(req.query.minScore);
if (Number.isNaN(min)) {
return res.status(400).json({ error: 'minScore must be a number' });
}
filter.score = { $gte: min };
}
const docs = await db.collection('items').find(filter).toArray();
This approach prevents injection of MongoDB operators via query parameters and ensures only expected values reach the database. For projections, use an allowlist of known safe fields rather than reflecting request input:
const safeFields = { name: 1, email: 1, createdAt: 1 };
const projection = {};
if (req.query.fields) {
req.query.fields.split(',').forEach((f) => {
const key = f.trim();
if (safeFields[key]) {
projection[key] = 1;
}
});
}
// Always include _id unless explicitly excluded via safeFields
const docs = await db.collection('items').find({}, { projection }).toArray();
Additionally, avoid passing request data directly into aggregation pipelines or using concatenated strings for collection or field names. If dynamic collection names are required, validate them against a strict set of known values. For runtime visibility into API security posture, use the middleBrick CLI to scan from terminal with middlebrick scan <url> or integrate the GitHub Action to add API security checks to your CI/CD pipeline, failing builds if risk scores drop below your chosen threshold.
For broader API coverage, the Web Dashboard lets you track these endpoints over time, and the Pro plan supports continuous monitoring with configurable schedules and alerts, ensuring that regressions in validation logic are surfaced promptly.
Related CWEs: llmSecurity
| CWE ID | Name | Severity |
|---|---|---|
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | MEDIUM |
Frequently Asked Questions
How can I test if my Express endpoints are vulnerable to query manipulation?
status[$ne]=) and verify that the returned document set matches the intended allowlisted behavior. Automated scans, such as those run via middleBrick CLI or GitHub Action, can systematically probe for these classes of issues.