CVE-2026-2975 - Vulnerability Details

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Fastapiadmin	Fastapiadmin

No data.

References

Link	Providers
https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-1
https://vuldb.com/?ctiid.347359
https://vuldb.com/?id.347359
https://vuldb.com/?submit.756067

History

Mon, 23 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fastapiadmin Fastapiadmin fastapiadmin
Vendors & Products		Fastapiadmin Fastapiadmin fastapiadmin

Mon, 23 Feb 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 23 Feb 2026 06:30:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Title		FastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosure
Weaknesses		CWE-200 CWE-284
References		https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-1 https://vuldb.com/?ctiid.347359 https://vuldb.com/?id.347359 https://vuldb.com/?submit.756067
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-23T06:02:07.772Z

Updated: 2026-02-23T13:23:00.814Z

Reserved: 2026-02-22T15:09:00.869Z

Link: CVE-2026-2975

Vulnrichment

Updated: 2026-02-23T13:22:56.556Z

NVD

Status : Awaiting Analysis

Published: 2026-02-23T07:16:21.243

Modified: 2026-02-23T18:13:53.397

Link: CVE-2026-2975

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object