CVE-2026-2978 | FastApiAdmin up to 2.2.0 Scheduled Task API controller.py upload_file_controller unrestricted upload

Inserito da Angelo Barbosa | Feb 22, 2026 | CVE

A vulnerability was found in FastApiAdmin up to 2.2.0. It has been rated as critical. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload.

This vulnerability is identified as CVE-2026-2978. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-2978 | FastApiAdmin up to 2.2.0 Scheduled Task API controller.py upload_file_controller unrestricted upload

Post correlati

CVE-2025-23878 | Scott Reilly Post-to-Post Links Plugin up to 4.2 on WordPress cross site scripting

CVE-2025-5005 | Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4 index_event.php corpurl server-side request forgery

CVE-2024-24028 | Likeshop up to 2.5.6 updateWechatInfo avatar server-side request forgery

CVE-2025-6484 | code-projects Online Shopping Store 1.0 /action.php cat_id/brand_id/keyword/proId/pid sql injection