ByteOS Network

fastapiadmin

Source -

NVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-2976

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.03% / 6.74%

7 Day CHG~0.00%

Published-23 Feb, 2026 | 06:32

Updated-24 Feb, 2026 | 15:50

FastApiAdmin Download Endpoint controller.py download_controller information disclosure

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. This manipulation of the argument file_path causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

Vendor-fastapiadmin n/a

Product-fastapi-admin FastApiAdmin

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE ID-CWE-284

Improper Access Control

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2026-2975

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.9||MEDIUM

EPSS-0.03% / 8.49%

7 Day CHG~0.00%

Published-23 Feb, 2026 | 06:02

Updated-24 Feb, 2026 | 15:57

FastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosure

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Vendor-fastapiadmin n/a

Product-fastapi-admin FastApiAdmin

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE ID-CWE-284

Improper Access Control