CVE-2026-6119

| EUVD-2026-21715 MEDIUM
2026-04-12 VulDB
5.3
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS Changed
Apr 12, 2026 - 06:22 NVD
6.3 (MEDIUM) 5.3 (MEDIUM)
Analysis Generated
Apr 12, 2026 - 05:49 vuln.today

Tags

SSRF

Description

A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Analysis

Server-side request forgery (SSRF) in AstrBot API endpoint post_data.get allows authenticated remote attackers to perform arbitrary HTTP requests from the server, potentially exposing internal services or enabling data exfiltration. AstrBot versions up to 4.22.1 are affected. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

47
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: +20

Share

CVE-2026-6119 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy