CVE-2026-2975

Name of the Vulnerable Software and Affected Versions FastApiAdmin versions through 2.2.0

Description A security flaw exists in FastApiAdmin up to version 2.2.0. The reset api docs function within the Custom Documentation Endpoint component, located in the file /backend/app/plugin/init app.py, is susceptible to manipulation, leading to information disclosure. This attack can be carried out remotely. An exploit for this issue has been publicly released.

Recommendations Update FastApiAdmin to a version later than 2.2.0. As a temporary workaround, consider restricting access to the reset api docs function within the Custom Documentation Endpoint.