CVE-2026-36724
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
In version 2.2.0 of FastapiAdmin, an uncaught exception in the /application/job/update/{id} endpoint allows authenticated attackers with the module_task:job:update permission to trigger a Denial of Service (DoS) attack by manipulating the func field of scheduled tasks.
Risk Assessment
The organization may be vulnerable to DoS attacks, potentially leading to service unavailability and disruption of application functionality.
Recommendation
It is recommended to update to the latest version of FastapiAdmin and implement appropriate exception handling mechanisms in the application.
Original NVD description (English source)
An uncaught exception in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module_task:job:update permission to cause a Denial of Service (DoS) via manipulating the func field of scheduled tasks.

