CVE-2026-2975

MEDIUM

FastApiAdmin <2.2.0 - Info Disclosure

Title source: llm

Description

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

References (4)

[Permissions Required, VDB Entry] https://vuldb.com/?id.347359

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.347359

[Permissions Required, VDB Entry] https://vuldb.com/?submit.756067

[Various Sources] https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-1

Scores

CVSS v3 5.3

EPSS 0.0005

EPSS Percentile 14.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-200 CWE-284

Status published

Products (4)

fastapiadmin/fastapi-admin 2.0

fastapiadmin/fastapi-admin 2.1

fastapiadmin/fastapi-admin 2.2.0

fastapiadmin/fastapiadmin < 2.2.0

Published Feb 23, 2026

Tracked Since Feb 23, 2026