PatchSiren cyber security CVE debrief
CVE-2026-36724 FastapiAdmin CVE debrief
CVE-2026-36724 is a medium-severity vulnerability in FastapiAdmin v2.2.0. An uncaught exception in the /application/job/update/{id} endpoint allows authenticated attackers with the module_task:job:update permission to cause a Denial of Service (DoS) via manipulating the func field of scheduled tasks. The vulnerability has a CVSS score of 6.5 and is classified as CWE-400.
- Vendor: FastapiAdmin
- Product: FastapiAdmin
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Users of FastapiAdmin v2.2.0, particularly those with the module_task:job:update permission, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability exists in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0. An uncaught exception allows authenticated attackers to cause a Denial of Service (DoS) by manipulating the func field of scheduled tasks.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to a patched version of FastapiAdmin, if available.
- Restrict access to the /application/job/update/{id} endpoint to only necessary users.
- Monitor for suspicious activity on the /application/job/update/{id} endpoint.
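One way to carry out the monitoring step, as an added example that is not part of the advisory or of FastapiAdmin: it scans access-log lines for server errors on the job-update endpoint and groups them by client. The combined log format, the 5xx status as the visible sign of an unhandled exception, the threshold, and the sample lines (including their HTTP method) are assumptions made for illustration.

```python
import re

# Assumption: a reverse proxy in front of the app writes combined-format access logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Endpoint named in the advisory; a deployment-specific prefix is tolerated.
JOB_UPDATE_RE = re.compile(r'/application/job/update/(?P<job_id>[^/]+)$')

# Constructed sample lines (documentation IP ranges, made-up users and job ids).
SAMPLE_LOG = """\
203.0.113.7 - alice [10/Jun/2026:10:00:01 +0000] "PUT /application/job/update/12 HTTP/1.1" 200 87
198.51.100.23 - bob [10/Jun/2026:10:00:05 +0000] "PUT /application/job/update/12 HTTP/1.1" 500 21
198.51.100.23 - bob [10/Jun/2026:10:00:09 +0000] "PUT /application/job/update/12 HTTP/1.1" 500 21
198.51.100.23 - bob [10/Jun/2026:10:00:14 +0000] "PUT /application/job/update/15?x=1 HTTP/1.1" 500 21
203.0.113.7 - alice [10/Jun/2026:10:01:00 +0000] "GET /application/job/list HTTP/1.1" 500 21
192.0.2.44 - carol [10/Jun/2026:10:02:00 +0000] "PUT /application/job/update/3 HTTP/1.1" 500 21
this line is not an access-log entry
"""


def find_failed_job_updates(lines, threshold=2):
    """Return {(ip, user): [job_id, ...]} for clients that received at
    least `threshold` 5xx responses from the job-update endpoint."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        ep = JOB_UPDATE_RE.search(path)
        if not ep or not m["status"].startswith("5"):
            continue  # other endpoints and successful updates are not of interest
        hits.setdefault((m["ip"], m["user"]), []).append(ep["job_id"])
    # A single 5xx may be an ordinary fault; repeated ones per client warrant review.
    return {client: ids for client, ids in hits.items() if len(ids) >= threshold}


if __name__ == "__main__":
    for (ip, user), job_ids in find_failed_job_updates(SAMPLE_LOG.splitlines()).items():
        print(f"review: {user}@{ip} got {len(job_ids)} server errors updating jobs {job_ids}")
```

Correlating flagged clients with the accounts that hold module_task:job:update narrows the review to the users the advisory says can trigger the condition.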
Evidence notes
The vulnerability is confirmed by the CVE record and NVD detail pages.
Official resources
- CVE-2026-36724 CVE record (CVE.org)
- CVE-2026-36724 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-36724 was published on 2026-06-09T19:17:42.873Z and modified on 2026-06-10T20:15:58.353Z.