CVE-2026-2979
published 2026-02-23
CVE-2026-2979: A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file…
Priority P261 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.29% (21.0th percentile)
A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fastapiadmin | fastapiadmin | <= 2.2.0 | — |
| fastapiadmin | fastapiadmin | — | — |
| fastapiadmin | fastapiadmin | — | — |
| fastapiadmin | fastapiadmin | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 5.5 | MEDIUM | — |
GHSA
GHSA-m879-6gvr-239v: A flaw has been found in FastApiAdmin up to 2
ghsa_unreviewed·2026-02-23
CVE-2026-2979 [MEDIUM] CWE-284 GHSA-m879-6gvr-239v: A flaw has been found in FastApiAdmin up to 2
A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
Red Hat
kernel: timekeeping: Adjust the leap state for the correct auxiliary timekeeper
vendor_redhat·2026-02-04·CVSS 5.5
CVE-2026-23106 [MEDIUM] CWE-820 kernel: timekeeping: Adjust the leap state for the correct auxiliary timekeeper
kernel: timekeeping: Adjust the leap state for the correct auxiliary timekeeper
In the Linux kernel, the following vulnerability has been resolved:
timekeeping: Adjust the leap state for the correct auxiliary timekeeper
When __do_adjtimex() was introduced to handle adjtimex for any
timekeeper, this reference to tk_core was not updated. When called on an
auxiliary timekeeper, the core timekeeper would be updated incorrectly.
This gets caught by the lock debugging diagnostics because the
timekeepers sequence lock gets written to without holding its
associated spinlock:
WARNING: include/linux/seqlock.h:226 at __do_adjtimex+0x394/0x3b0, CPU#2: test/125
aux_clock_adj (kernel/time/timekeeping.c:2979)
__do_sys_clock_adjtime (kernel/time/posix-timers.c:1161 kernel/time/posix-timers.c:1173)
do_sys
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-02-23
Published