VYPR
Medium severity6.3NVD Advisory· Published Feb 23, 2026· Updated Apr 29, 2026

CVE-2026-2977

CVE-2026-2977

Description

A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:fastapiadmin:fastapiadmin:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fastapiadmin:fastapiadmin:*:*:*:*:*:*:*:*range: <=2.2.0
    • (no CPE)range: <=2.2.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.