CVE-2026-36728
Description
FastapiAdmin v2.2.0 has a markdown-based XSS vulnerability in its AI chat function, allowing script injection via crafted messages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A markdown-based Cross-Site Scripting (XSS) vulnerability exists in FastapiAdmin versions up to and including 2.2.0. The AI assistant chat functionality processes user-supplied message content, storing it in the database without proper sanitization. This content is then rendered on the frontend using markdown-it, which lacks built-in XSS protection, and is displayed without further sanitization, specifically within the message-text div using v-html [1].
Exploitation
Authenticated attackers can exploit this vulnerability by injecting arbitrary JavaScript code disguised as markdown within a chat message. When other users view these chat messages or the message management page, the injected script will execute in their browsers. This requires the attacker to have the ability to send messages within the AI assistant chat feature [1].
Impact
Successful exploitation allows attackers to execute arbitrary web scripts or HTML in the context of the victim's browser. This can lead to severe consequences such as session hijacking, credential theft, or performing malicious actions on behalf of the victimized users, compromising their accounts and data [1].
Mitigation
To mitigate this vulnerability, it is recommended to implement HTML sanitization using libraries like DOMPurify after rendering with markdown-it. Alternatively, using a markdown editor with built-in XSS protection, such as mavonEditor, and implementing Content Security Policy (CSP) headers can also help prevent exploitation. A patched version is not yet disclosed in the available references [1].
AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =2.2.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"User-supplied markdown content is rendered directly into the DOM without sanitization, allowing script injection."
Attack vector
An authenticated attacker can inject arbitrary JavaScript into a chat message. This payload is stored in the database and later rendered in the frontend using markdown-it. Since markdown-it does not provide built-in XSS protection and the content is rendered using `v-html`, the injected script executes in the browser of any user viewing the chat messages or the message management page [1]. This can lead to session hijacking or credential theft.
Affected code
The vulnerability resides in the AI assistant chat functionality, specifically within the rendering of markdown content. Affected files include `/frontend/src/views/module_ai/chat/components/MessageItem.vue`, `/frontend/src/views/module_ai/chat_message/index.vue`, and `/frontend/src/components/MarkdownRenderer/index.vue`. These components render user-supplied content using markdown-it without proper sanitization before injecting it into the DOM via `v-html` [1].
What the fix does
The advisory recommends implementing HTML sanitization using libraries like DOMPurify after rendering with markdown-it, or using a markdown editor with built-in XSS protection. Additionally, implementing Content Security Policy (CSP) headers is suggested as a mitigation strategy. The patch does not show specific code changes, but these measures would prevent malicious scripts from executing in the browser.
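The sanitization step recommended under Mitigation and "What the fix does", shown as an added example of a hardened `MarkdownRenderer` component; this is not FastapiAdmin's own code and assumes a Vue 3 project with the `markdown-it` and `dompurify` npm packages installed.

```vue
<!-- MarkdownRenderer.vue (added example, not the project's component).
     Assumes Vue 3 with the markdown-it and dompurify packages available. -->
<script setup>
import { computed } from 'vue'
import MarkdownIt from 'markdown-it'
import DOMPurify from 'dompurify'

const props = defineProps({
  // Raw, user-supplied message text exactly as stored in the database.
  content: { type: String, default: '' },
})

// Vulnerable pattern described in the advisory: markdown-it output goes
// straight into v-html. With markdown-it's `html` option enabled, a stored
// message such as <img src=x onerror='alert(1)' /> reaches the DOM as-is and
// the handler runs in every viewer's browser.
//   const md = new MarkdownIt({ html: true })
//   const html = computed(() => md.render(props.content))

// Hardened pattern: keep raw HTML disabled in markdown-it (its default), so
// literal tags are escaped and shown as text, and still pass the rendered
// output through DOMPurify so that markup markdown-it itself generates
// (links, images, code) cannot carry scripts, event handlers or
// javascript: URLs. DOMPurify removes those by default; the allowlist below
// additionally limits chat messages to the tags they legitimately need.
const md = new MarkdownIt({ html: false, linkify: true })

const safeHtml = computed(() =>
  DOMPurify.sanitize(md.render(props.content), {
    ALLOWED_TAGS: [
      'p', 'br', 'strong', 'em', 'code', 'pre', 'a', 'ul', 'ol', 'li',
      'blockquote', 'h1', 'h2', 'h3', 'h4', 'table', 'thead', 'tbody',
      'tr', 'th', 'td',
    ],
    ALLOWED_ATTR: ['href', 'title', 'class'],
  })
)
</script>

<template>
  <!-- v-html is still used, but it only ever receives sanitized markup. -->
  <div class="message-text" v-html="safeHtml"></div>
</template>
```

A Content Security Policy on the server (for example `script-src 'self'`) is a second, independent layer: it does not replace sanitization, but it blocks inline handlers should any reach the page.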
Preconditions
- auth: The attacker must be authenticated to the FastapiAdmin application.
- input: The attacker must be able to send a chat message containing a crafted markdown payload.
Reproduction
Send a message to the AI assistant with the content `<img src=x onerror='alert(1)' />`. Re-entering the AI assistant and clicking on a session containing the XSS payload will trigger the pop-up. Navigating to the message management page will also cause the pop-up without interaction [1].
Generated on Jun 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.