CVE-2026-2977 | FastApiAdmin up to 2.2.0 Scheduled Task API controller.py upload_controller unrestricted upload

Inserito da Angelo Barbosa | Feb 22, 2026 | CVE

A vulnerability was found in FastApiAdmin up to 2.2.0. It has been declared as critical. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload.

This vulnerability is referenced as CVE-2026-2977. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-2977 | FastApiAdmin up to 2.2.0 Scheduled Task API controller.py upload_controller unrestricted upload

Post correlati

CVE-2025-34299 | Monsta FTP up to 2.11 File unrestricted upload

CVE-2025-13783 | taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 CommentadminController CommentadminController.class.php check/uncheck/delete ids sql injection

CVE-2025-12916 | Sangfor Operation and Maintenance Security Management System Frontend /fort/portal_login command injection

CVE-2025-21622 | MacWarrior clipbucket-v5 up to 5.5.1-236 Avatar Upload avatar_url path traversal