CVE-2026-36728: FastapiAdmin XSS Vulnerability in AI Chat (MEDIUM)
FastapiAdmin version 2.2.0 contains a stored cross-site scripting (XSS) vulnerability in its AI assistant chat feature. An authenticated attacker can inject malicious JavaScript or HTML through a crafted chat message. When other users view the message, the malicious script executes in their browser with access to their session and sensitive data. This requires an attacker with valid login credentials and victim user interaction (viewing the chat), limiting but not eliminating real-world risk.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.4 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Weaknesses (CWE)
- CWE-79
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-36728 is a reflected/stored XSS flaw (CWE-79) in FastapiAdmin's markdown-based chat rendering pipeline. The vulnerability stems from insufficient input validation and output encoding when processing chat messages that contain markdown formatting. An authenticated user can craft a payload that bypasses markdown sanitization, resulting in arbitrary HTML and JavaScript execution within the victim's browser context. The CVSS 3.1 score of 5.4 (MEDIUM) reflects a low attack complexity, network-accessible vector, and login requirement, balanced against limited confidentiality and integrity impact without availability impact.
Business impact
Organizations running FastapiAdmin 2.2.0 face potential session hijacking, credential theft, and data exfiltration through the chat feature. Because the vulnerability requires authentication and user interaction, the threat is primarily from malicious insiders or compromised internal accounts targeting other users. The impact scope is confined to chat functionality, but can extend across the application if the attacker steals session tokens. Availability is not impacted, reducing overall business disruption, though integrity and confidentiality risks warrant prompt remediation.
Affected systems
FastapiAdmin version 2.2.0 is affected. Organizations should identify all deployments of this version, particularly those exposed to internal or external users with chat access. Verify your installed version using package managers or the admin interface version disclosure endpoint. Verify against vendor advisory for confirmed vulnerable and patched versions.
Exploitability
Exploitation requires valid authentication credentials and relies on victim user interaction (clicking a link or viewing a malicious chat message). No CVSS exploit code public proof-of-concept has been designated as in-the-wild critical. The attack is not trivial for external threat actors but poses genuine risk from insiders or via account compromise. Social engineering can amplify impact by tricking users into viewing prepared chat payloads.
Remediation
Update FastapiAdmin to a patched version released after June 17, 2026. Verify against the vendor advisory for the exact version number. Implement content security policy (CSP) headers to restrict inline script execution. Audit recent chat messages for suspicious payloads and review user access logs for anomalies. If patching is delayed, disable chat functionality or restrict it to trusted accounts only.
Patch guidance
Consult the FastapiAdmin vendor advisory and release notes for the patched version number and installation instructions. Apply patches during a maintenance window to minimize service disruption. Test the patched version in a staging environment before production deployment. Verify that chat rendering and markdown processing function correctly post-update. Document patch deployment date and affected systems for compliance records.
Detection guidance
Monitor for XSS payloads in chat messages by logging and analyzing message content for script tags, event handlers (onclick, onerror), and javascript: protocols within markdown syntax. Implement Web Application Firewall (WAF) rules to detect and block common XSS patterns in chat input. Review browser console errors and CSP violation reports for signs of script injection attempts. Use SIEM rules to correlate multiple XSS attempts from the same source IP or user account.
Why prioritize this
Although rated MEDIUM severity, this vulnerability should be prioritized because it affects authenticated users' sessions and data integrity through an active communication channel (chat). The combination of stored XSS and social engineering potential makes it a valuable attack vector for insider threats and compromised account scenarios. Early patching prevents account compromise chains and reduces lateral movement risk. Organizations with high-sensitivity internal communications should treat this as higher priority.
Risk score, explained
CVSS 3.1 score of 5.4 reflects: Network vector (attackable remotely), Low attack complexity (no special conditions required), Login requirement (reduces threat actor pool), Required user interaction (victim must view message), Changed scope (XSS can affect other users), and Low impact on confidentiality and integrity (no system compromise, data theft limited to session context). Availability is not affected, preventing higher severity rating. Real-world risk may be higher in organizations with permissive internal access controls.
Frequently asked questions
Can external attackers exploit this without a valid account?
No. CVE-2026-36728 requires valid authentication to access the chat feature and inject a payload. External threat actors must first compromise or obtain credentials, significantly raising the bar for exploitation compared to unauthenticated vulnerabilities.
Does this vulnerability allow remote code execution on the server?
No. This is a client-side XSS vulnerability affecting the user's browser, not the FastapiAdmin server. Attackers cannot execute code on the server itself or access underlying system resources directly. However, stolen session tokens or credentials could enable further compromise.
If we disable the chat feature, are we protected?
Yes. Disabling chat entirely eliminates the attack surface for this specific vulnerability. This is a valid temporary mitigation while waiting for patches, though it reduces application functionality. A CSP-enforced environment can also provide defense-in-depth even if chat remains active.
Should we force password resets for all users?
Not necessarily, unless you have evidence of active exploitation or account compromise. Focus on patching, monitoring access logs for suspicious chat activity, and resetting passwords only for compromised accounts. Universal password resets are expensive and may create user friction without commensurate security gain if exploitation has not occurred.
This analysis is based on CVE-2026-36728 public disclosures and CVSS metrics as of June 2026. Vendor advisory details, patched version numbers, and internal exploitation metrics may vary; verify directly with vendor communications and your own security testing. SEC.co provides this information for informational purposes to support security decision-making and does not guarantee completeness or real-time accuracy. Always consult your security team and vendor support for deployment-specific guidance. No liability for decisions made based on this content. Source: NVD (public-domain), retrieved 2026-07-19. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2019-25731MEDIUMStored XSS in Zuz Music 2.1 Contact Form
- CVE-2019-25737MEDIUMStored XSS in Live Chat Unlimited 2.8.3 – Admin Session Compromise
- CVE-2019-25739MEDIUMGigToDo 1.3 Stored XSS Vulnerability in Proposal Descriptions
- CVE-2019-25742MEDIUMStored XSS in Zoner Real Estate WordPress Theme 4.1.1 – Admin Account Compromise Risk
- CVE-2019-25743MEDIUMWordPress Soliloquy Lite 2.5.6 Stored XSS Vulnerability
- CVE-2019-25744MEDIUMWordPress Popup Builder 3.49 Stored XSS Vulnerability – Exploit Prevention & Patch Guide
- CVE-2021-47982MEDIUMWP-Paginate 2.1.3 Stored XSS in Plugin Settings