PatchSiren cyber security CVE debrief
CVE-2026-36725 FastapiAdmin CVE debrief
CVE-2026-36725 is a MEDIUM severity vulnerability with a CVSS score of 6.1. The vulnerability exists in FastapiAdmin v2.2.0 and allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the notice_content parameter of the /system/notice/create endpoint.
- Vendor: FastapiAdmin
- Product: FastapiAdmin
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-10
Who should care
Users of FastapiAdmin v2.2.0 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is a markdown-based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0. Notice content submitted in the notice_content parameter is rendered as markdown, and a crafted payload in that parameter allows attackers to execute arbitrary web scripts or HTML in the browser of anyone who views the notice.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the necessary patches or updates to FastapiAdmin v2.2.0 to fix the vulnerability.
- Use a web application firewall (WAF) to detect and prevent XSS attacks.
- Validate and sanitize user input to prevent injection attacks.
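The following is an added example illustrating the sanitization step recommended above for the markdown-rendered notice content described in the technical summary; it is not FastapiAdmin's code. It assumes the application first converts notice_content from markdown to HTML and then passes that HTML through a hypothetical sanitize_html() function before storing or displaying it. The sanitizer is allowlist-based: unknown tags, every attribute not explicitly permitted (which covers all on* event handlers), script and style bodies, and non-http(s)/mailto link targets are dropped, using only the Python standard library.

```python
"""Allowlist HTML sanitizer for rendered notice content (added example).

Assumption: the application renders notice_content from markdown to HTML
and calls sanitize_html() on the result before it reaches a browser.
"""
from html import escape
from html.parser import HTMLParser

# Tags a notice legitimately needs; anything else is removed, text kept.
ALLOWED_TAGS = {
    "p", "br", "strong", "em", "ul", "ol", "li", "a", "code", "pre",
    "h1", "h2", "h3", "blockquote",
}
# Only these attributes survive, per tag. Event handlers (onerror, onclick,
# ...) and style are never in this table, so they are always dropped.
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")
VOID_TAGS = {"br"}
DROP_CONTENT_TAGS = {"script", "style"}  # their text is discarded entirely


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href":
                target = (value or "").strip().lower()
                if not target.startswith(SAFE_URL_SCHEMES):
                    continue  # rejects javascript:, data:, etc.
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text nodes are re-escaped so stray markup in them stays inert.
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))


def sanitize_html(html: str) -> str:
    """Return html reduced to the allowlisted tags and attributes."""
    parser = _Sanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample inputs, as a markdown renderer that permits raw
    # HTML might emit them for a crafted notice_content value.
    samples = [
        "<p>Maintenance at <strong>22:00</strong></p>",
        "<script>alert(1)</script><p>welcome</p>",
        '<img src="x" onerror="alert(1)">',
        '<a href="javascript:alert(1)">click</a>',
        '<a href="https://example.com" onclick="alert(1)">status page</a>',
    ]
    for s in samples:
        print(repr(s), "->", repr(sanitize_html(s)))
```

Dropping tags rather than escaping them keeps notices readable while removing everything a renderer that allows raw HTML could pass through; the stricter alternative is to configure the markdown renderer to escape raw HTML blocks so the sanitizer acts only as a second layer.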
Evidence notes
The vulnerability was reported via [ref-4](https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-6).
Official resources
- [CVE-2026-36725 CVE record](https://www.cve.org/CVERecord?id=CVE-2026-36725) (CVE.org)
- [CVE-2026-36725 NVD detail](https://nvd.nist.gov/vuln/detail/CVE-2026-36725) (NVD)
- Source item URL: nvd_modified
- Source reference
CVE-2026-36725 was published on 2026-06-09 ([CVE record](https://www.cve.org/CVERecord?id=CVE-2026-36725)) and last modified on 2026-06-10 ([NVD detail](https://nvd.nist.gov/vuln/detail/CVE-2026-36725)).