Skip to main content

AstrBot CVE-2026-10210

| EUVD-2026-33531 LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-06-01 VulDB GHSA-6vvm-92fq-599w
Code Injection Astrbot
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jun 01, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
Jun 01, 2026 - 02:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jun 01, 2026 - 01:57 vuln.today

DescriptionCVE.org

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Injection in AstrBot 4.23.6 allows authenticated remote attackers to manipulate input through the _sanitize_prompt_description function in astrbot/core/skills/skill_manager.py, bypassing sanitization and achieving partial impact on confidentiality, integrity, and availability. A publicly available exploit (POC) exists on GitHub, and the vendor did not respond to responsible disclosure, meaning no official patch has been released. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege AstrBot account
Delivery
Submit crafted skill prompt description
Exploit
_sanitize_prompt_description fails to neutralize payload
Execution
Injected content reaches downstream component
Impact
Partial read/write/availability impact on AstrBot instance
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with at least low-level user privileges, as confirmed by the CVSS vector PR:L. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 6.3 (Medium) reflects a network-accessible (AV:N), low-complexity (AC:L), low-privilege (PR:L) attack with no user interaction (UI:N), but with unchanged scope (S:U) and only partial impact across confidentiality, integrity, and availability (C:L/I:L/A:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privilege account on an internet-exposed AstrBot instance submits a crafted prompt description string through the skill management interface, specifically targeting the `_sanitize_prompt_description` function's failure to neutralize special elements. The injected payload is passed unsanitized to a downstream component - likely the prompt pipeline or a template processor - where it alters execution context and achieves partial read/write access or causes service disruption. …
Remediation No vendor-released patch has been identified at time of analysis - the vendor did not respond to responsible disclosure, and no fixed version number is available from any source. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10210 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy