CVE-2026-36728
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
FastapiAdmin v2.2.0 has a markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function that allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into a chat message.
Risk Assessment
This vulnerability could lead to user data theft or session hijacking, posing a serious security threat to the application and its users.
Recommendation
It is recommended to upgrade to the latest version of FastapiAdmin and implement input filtering and validation in the chat function to minimize the risk of XSS attacks.
Original NVD description (English source)
A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message.

