CVE Catalog

CVE-2026-36724

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

In version 2.2.0 of FastapiAdmin, an uncaught exception in the /application/job/update/{id} endpoint allows authenticated attackers with the module_task:job:update permission to trigger a Denial of Service (DoS) attack by manipulating the func field of scheduled tasks.

Risk Assessment

The organization may be vulnerable to DoS attacks, potentially leading to service unavailability and disruption of application functionality.

Recommendation

It is recommended to update to the latest version of FastapiAdmin and implement appropriate exception handling mechanisms in the application.

Original NVD description (English source)

An uncaught exception in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module_task:job:update permission to cause a Denial of Service (DoS) via manipulating the func field of scheduled tasks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS