CVE-2026-2977 | FastApiAdmin up to 2.2.0 Scheduled Task API controller.py upload_controller unrestricted upload

A vulnerability was found in FastApiAdmin up to 2.2.0. It has been declared as critical. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload.

This vulnerability is referenced as CVE-2026-2977. It is possible to launch the attack remotely. Furthermore, an exploit is available.VulDB Recent EntriesRead More