CVE-2026-2976 | FastApiAdmin up to 2.2.0 Download Endpoint controller.py download_controller file_path information disclosure

Inserito da Angelo Barbosa | Feb 22, 2026 | CVE

A vulnerability was found in FastApiAdmin up to 2.2.0. It has been classified as problematic. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. This manipulation of the argument file_path causes information disclosure.

The identification of this vulnerability is CVE-2026-2976. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-2976 | FastApiAdmin up to 2.2.0 Download Endpoint controller.py download_controller file_path information disclosure

Post correlati

CVE-2024-2257 | Digisol DG-GR1321 3.2.02 weak password (CIVN-2024-0158)

CVE-2024-47762 | Backstage up to 0.3.74 Environment Variable APP_CONFIG_backend_listen_port expected behavior violation (GHSA-qc4v-xq2m-65wc)

CVE-2024-2841 | Otter Blocks Plugin up to 2.6.5 on WordPress cross site scripting

CVE-2024-13142 | ZeroWdd studentmanager 1.0 RoleController. java submitAddRole name cross site scripting