CVE-2026-2975 - Vulnerability Details

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0003.

Exploitation poc

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

FastApiAdmin

affected

Version	Status	Constraints
`2.0`	affected	—
`2.1`	affected	—
`2.2.0`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:fastapiadmin:fastapi-admin:2.0:::::::*
	cpe:2.3:a:fastapiadmin:fastapi-admin:2.1:::::::*
	cpe:2.3:a:fastapiadmin:fastapi-admin:2.2.0:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Fastapiadmin Subscribe	Fastapiadmin Subscribe

Project Subscriptions

Vendors	Products
Fastapiadmin Subscribe	Fastapi-admin Subscribe Fastapiadmin Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-1
https://vuldb.com/?ctiid.347359
https://vuldb.com/?id.347359
https://vuldb.com/?submit.756067

History

Tue, 24 Feb 2026 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fastapiadmin fastapi-admin
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:fastapiadmin:fastapi-admin:2.0:::::::* cpe:2.3:a:fastapiadmin:fastapi-admin:2.1:::::::* cpe:2.3:a:fastapiadmin:fastapi-admin:2.2.0:::::::*
Vendors & Products		Fastapiadmin fastapi-admin

Mon, 23 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fastapiadmin Fastapiadmin fastapiadmin
Vendors & Products		Fastapiadmin Fastapiadmin fastapiadmin

Mon, 23 Feb 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 23 Feb 2026 06:30:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Title		FastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosure
Weaknesses		CWE-200 CWE-284
References		https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-1 https://vuldb.com/?ctiid.347359 https://vuldb.com/?id.347359 https://vuldb.com/?submit.756067
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-23T06:02:07.772Z

Updated: 2026-02-23T13:23:00.814Z

Reserved: 2026-02-22T15:09:00.869Z

Link: CVE-2026-2975

Vulnrichment

Updated: 2026-02-23T13:22:56.556Z

NVD

Status : Analyzed

Published: 2026-02-23T07:16:21.243

Modified: 2026-02-24T15:57:58.377

Link: CVE-2026-2975

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-02-23T14:28:13Z

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable yes

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object