PT-2026-21500 · Unknown · Fastapi-Admin

Published: 2026-02-23 · Updated: 2026-03-05 · CVE-2026-2975

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: FastApiAdmin versions through 2.2.0

Description: A security flaw exists in FastApiAdmin up to version 2.2.0. The reset api docs function within the Custom Documentation Endpoint component, located in the file /backend/app/plugin/init app.py, is susceptible to manipulation, leading to information disclosure. This attack can be carried out remotely. An exploit for this issue has been publicly released.

Recommendations: Update FastApiAdmin to a version later than 2.2.0. As a temporary workaround, consider restricting access to the reset api docs function within the Custom Documentation Endpoint.

Exploit

Fix

Information Disclosure

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2026-2975

Affected Products

Fastapi-Admin