Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Hard-coded credentials in AstrBot Dashboard (versions ≤4.16.0) enable remote unauthenticated attackers to bypass authentication and gain partial system access. The vulnerability resides in astrbot/dashboard/routes/auth.py, allowing complete authentication bypass without network complexity or user interaction. A public exploit exists on GitHub, and the vendor has not responded to responsible disclosure attempts, leaving users exposed to credential-based attacks with moderate impact across confidentiality, integrity, and availability (CVSS 7.3). EPSS data not available; KEV status negative indicates no confirmed widespread exploitation despite public POC.
Technical ContextAI
This vulnerability stems from CWE-798 (Use of Hard-coded Credentials), where authentication secrets are embedded directly in the source code of the Dashboard component's authentication route handler (auth.py). The affected product is AstrBot, a chatbot development framework by AstrBotDevs. Hard-coded credentials represent a fundamental security flaw where static, unchangeable authentication tokens or passwords exist in the codebase, accessible to anyone with repository access or through reverse engineering. The CPE string (cpe:2.3:a:astrbotdevs:astrbot) confirms this affects the AstrBot application specifically, with versions through 4.16.0 vulnerable. The Dashboard component appears to be a web-based management interface, making the hard-coded credentials particularly dangerous as they expose administrative functionality. Unlike typical authentication bypass techniques that exploit logic flaws, hard-coded credentials provide direct, deterministic access using fixed values discoverable through static analysis.
RemediationAI
No vendor-released patch has been confirmed at time of analysis-the vendor has not responded to disclosure attempts, and CVSS temporal vector indicates unknown remediation level (RL:X). Users should immediately implement the following compensating controls with specific trade-offs: (1) Disable or restrict network access to the AstrBot Dashboard component entirely by blocking TCP ports used by the web interface through firewall rules-this eliminates remote attack surface but removes legitimate administrative access requiring alternative local-only management; (2) Deploy a reverse proxy (nginx, Apache) with IP whitelisting to permit Dashboard access only from trusted management networks-reduces exposure but requires maintaining IP allowlists and may break remote administration workflows; (3) Monitor the GitHub repository (https://github.com/AstrBotDevs/AstrBot) and Security Advisory (https://github.com/AstrBotDevs/AstrBot/security/advisories/GHSA-vrqm-xcfv-286r) for community-developed patches or forks addressing the hard-coded credentials; (4) If source code access is available, manually replace hard-coded credentials in auth.py with environment variables or secure credential stores and rebuild from source-requires development expertise and creates an unsupported fork. Given vendor unresponsiveness, organizations with security requirements should evaluate migration to actively maintained alternatives. Detailed exploit methodology is available at https://github.com/Dave-gilmore-aus/security-advisories/blob/main/AstrBot-Security-Advisory for defensive validation.
AstrBot versions 3.4.4 through 3.5.12 contain a path traversal vulnerability (CWE-23) in the dashboard feature that allo
Command injection in AstrBot's MCP endpoint handler (add_mcp_server function) allows authenticated remote attackers to e
Server-side request forgery in AstrBot's dashboard MCP Test Endpoint allows low-privileged authenticated users to coerce
Path traversal in AstrBot 4.23.6 allows authenticated remote attackers to manipulate the Name parameter of the /api/skil
Injection in AstrBot 4.23.6 allows authenticated remote attackers to manipulate input through the `_sanitize_prompt_desc
AstrBot versions up to 4.22.1 allow authenticated remote attackers to bypass sandbox restrictions via malicious file upl
Authorization bypass in AstrBotDevs AstrBot 4.24.2 enables remote low-privilege authenticated attackers to manipulate th
Incorrect authorization in AstrBot 4.23.6 allows remote low-privileged attackers to bypass filesystem path restrictions
Path traversal in AstrBot dashboard file upload allows authenticated remote attackers to write files outside intended di
Server-side request forgery (SSRF) in AstrBot API endpoint post_data.get allows authenticated remote attackers to perfor
Server-side request forgery in AstrBot up to version 4.25.2 allows authenticated remote attackers to cause the server to
Improper authorization in AstrBot's Scheduled Task Handler allows a remote low-privileged user to bypass authorization c
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26498