Skip to main content

Astrbot CVE-2026-6117

| EUVD-2026-21710 LOW
Privilege Issues (CWE-265)
2026-04-12 VulDB GHSA-rf4q-qfjf-vw22
Information Disclosure Astrbot
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 2.1 (LOW)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
CVSS changed
Apr 12, 2026 - 05:22 NVD
6.3 (MEDIUM) 5.3 (MEDIUM)
Analysis Generated
Apr 12, 2026 - 05:04 vuln.today
EUVD ID Assigned
Apr 12, 2026 - 05:00 euvd
EUVD-2026-21710
Analysis Generated
Apr 12, 2026 - 05:00 vuln.today
CVE Published
Apr 12, 2026 - 04:30 nvd
LOW 2.1

DescriptionCVE.org

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

AstrBot versions up to 4.22.1 allow authenticated remote attackers to bypass sandbox restrictions via malicious file uploads to the install-upload endpoint (install_plugin_upload function), enabling arbitrary code execution with limited information disclosure and integrity impact. The vulnerability exists in the plugin installation mechanism and has publicly available exploit code; the vendor has been notified but has not yet responded with a patch.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to AstrBot dashboard
Delivery
Navigate to plugin installation endpoint
Exploit
Upload crafted plugin file bypassing validation
Execution
Exploit sandbox escape in install_plugin_upload function
Impact
Execute arbitrary code within bot process
Sign in to reveal

Vulnerability AssessmentAI

Risk Assessment While the CVSS score of 6.3 rates this as medium severity, multiple risk signals indicate moderate real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user with dashboard access uploads a malicious plugin file to the install-upload endpoint. The install_plugin_upload function fails to properly validate or sandbox the file contents, allowing the attacker to escape sandbox restrictions and execute arbitrary code within the AstrBot process. …
Remediation Upgrade AstrBot to a version newer than 4.22.1 as soon as a patched release becomes available; check the GitHub repository (https://github.com/AstrBotDevs/AstrBot/) for release announcements. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-6117 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy