CVE Catalog

CVE-2026-36728

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile - higher than 9% of all known CVEs

Summary

FastapiAdmin v2.2.0 has a markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function that allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into a chat message.

Risk Assessment

This vulnerability could lead to user data theft or session hijacking, posing a serious security threat to the application and its users.

Recommendation

It is recommended to upgrade to the latest version of FastapiAdmin and implement input filtering and validation in the chat function to minimize the risk of XSS attacks.

Original NVD description (English source)

A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS