
AstrBot EUVD-2026-25660

CVE-2026-6984 | Severity: LOW (CVSS 4.0 score 2.0)
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336)
Published 2026-04-25 (VulDB)

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

  • Attack Vector: Network (AV:N)
  • Attack Complexity: Low (AC:L)
  • Attack Requirements: None (AT:N)
  • Privileges Required: High (PR:H)
  • User Interaction: None (UI:N)
  • Vulnerable System Impact, C/I/A: Low / Low / Low (VC:L/VI:L/VA:L)
  • Subsequent System Impact, C/I/A: None / None / None (SC:N/SI:N/SA:N)
  • Exploit Maturity: Proof-of-Concept (E:P)
  • Safety (supplemental): Not Defined (S:X)

CVSS 4.0 has no Scope metric; the S:X in the vector is the supplemental Safety metric, not Scope. Because the threat metric E:P is set, the 2.0 shown here is a threat-adjusted (CVSS-BT) score rather than the base-only score, which is consistent with the 5.1 to 2.0 change recorded in the timeline below.

Lifecycle Timeline (8 events, newest first)

  • Apr 29, 2026 01:12 (NVD): Severity changed, MEDIUM to LOW
  • Apr 29, 2026 01:12 (NVD): CVSS changed, 5.1 (MEDIUM) to 2.0 (LOW)
  • Apr 29, 2026 01:00 (vuln.today): PoC detected, public exploit code
  • Apr 25, 2026 16:22 (NVD): CVSS changed, 4.7 (MEDIUM) to 5.1 (MEDIUM)
  • Apr 25, 2026 16:00 (vuln.today): Analysis generated
  • Apr 25, 2026 15:45 (euvd): EUVD ID assigned, EUVD-2026-25660
  • Apr 25, 2026 15:45 (vuln.today): Analysis generated
  • Apr 25, 2026 15:30 (nvd): CVE published

Description (NVD)

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Analysis (AI)

Server-side template injection (CWE-1336) in the create_template function of the AstrBot Dashboard API (astrbot/dashboard/routes/t2i.py, versions up to 4.22.1) lets a remote attacker who already holds high-privilege dashboard credentials submit template directives that the template engine evaluates. The result is information disclosure and, depending on what the engine exposes, code execution on the host. Public exploit code exists, and the vendor was notified early through an issue report but has not responded.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata. The stage names are fixed kill-chain labels; for this flaw the whole chain is a single authenticated request, so "Install" and "C2" below do not imply persistence or command-and-control.

  • Recon: obtain administrative dashboard credentials
  • Delivery: reach the Dashboard API endpoint
  • Exploit: craft a malicious template-injection payload
  • Install: submit a create_template request carrying the injected directives
  • C2: the template engine processes the unsanitized input
  • Execute: the injected template directives run
  • Impact: exfiltrate sensitive data or escalate privileges

Vulnerability Assessment (AI)

Exploitation: Authentication is required, with high-privilege dashboard access (PR:H in the CVSS vector). …

Risk Assessment: The network attack vector combined with the high privilege requirement (PR:H) means the attacker must already hold elevated dashboard credentials, which limits the immediate threat surface. Note that the 4.7 score this assessment was written against has since been revised by NVD, to 5.1 and then to 2.0 (see the timeline); the privilege requirement is unchanged. …

Exploit Scenario: An authenticated attacker with high-privilege dashboard access opens the template creation interface and places template syntax (for example Jinja2 or similar engine directives) into the template parameters. On submission, create_template passes that input to the template engine without neutralizing it, so the directives are evaluated rather than stored as text. Depending on what the engine exposes, the attacker can read files, enumerate environment variables, or execute arbitrary code. …

Remediation: No vendor-released fix version is available and the project has not responded to the disclosure; upgrade as soon as a patched release appears. Until then, treat the dashboard as a privileged surface: restrict network access to it and minimize the number of accounts holding the high-privilege role the attack requires. …
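The vulnerable pattern from the exploit scenario above, beside two mitigations (rendering under the engine's sandbox, and the design where user input is only data) and a detection heuristic for the submitted template, as an added example written for this page. It is hypothetical code, not AstrBot's create_template implementation, and does not establish which template engine AstrBot uses; it assumes Jinja2 is installed (pip install jinja2), and every name in it (render_unsafe, render_sandboxed, render_as_data, ssti_indicators and the two sample templates) is the example's own.

```python
"""
Vulnerable vs. hardened handling of a user-supplied template string, the
CWE-1336 pattern this advisory describes.

Hypothetical example written for this page: it is not AstrBot's
create_template code and makes no claim about which engine AstrBot uses.
Assumes Jinja2 is installed; all names below are this example's own.
"""
import re

from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment, SecurityError

# Constructed inputs. The first is what a legitimate "create template" call
# might carry; the second is a classic Jinja2 SSTI probe that walks from a
# string literal to object.__subclasses__() through dunder attributes.
LEGIT_TEMPLATE = "Hello {{ name }}, your report is ready."
PROBE_TEMPLATE = "{{ ''.__class__.__mro__[1].__subclasses__() | length }}"

# Dunder names and the attr() filter that appear in nearly every Python SSTI
# payload and never in an ordinary message template. Alerting heuristic only.
SSTI_INDICATORS = re.compile(
    r"__(?:class|mro|subclasses|globals|builtins|import|init)__|\|\s*attr\s*\("
)


def render_unsafe(template_source: str, **ctx) -> str:
    """Vulnerable pattern: untrusted text is compiled as template *code*.

    Whatever the caller sends is parsed and executed by the engine, so a
    probe like PROBE_TEMPLATE reaches interpreter internals.
    """
    return Environment().from_string(template_source).render(**ctx)


def render_sandboxed(template_source: str, **ctx) -> tuple[bool, str]:
    """Mitigation for the case where users genuinely must author templates.

    SandboxedEnvironment refuses underscore-prefixed and other unsafe
    attributes, raising SecurityError instead of resolving them.
    Returns (True, output) on success or (False, reason) when blocked.
    """
    env = SandboxedEnvironment()
    try:
        return True, env.from_string(template_source).render(**ctx)
    except SecurityError as exc:
        return False, f"blocked by sandbox: {exc}"


# Preferred design: the server owns the template; user input is only data.
_SERVER_TEMPLATE = Environment().from_string(
    "Hello {{ name }}, your report is ready."
)


def render_as_data(user_text: str) -> str:
    """User text is passed as a context value, so it is never parsed."""
    return _SERVER_TEMPLATE.render(name=user_text)


def ssti_indicators(template_source: str) -> list[str]:
    """Detection hook: return the suspicious tokens found in a submitted
    template so a logging or WAF layer can alert on them. A legitimate
    template such as LEGIT_TEMPLATE yields an empty list."""
    return sorted({m.group(0) for m in SSTI_INDICATORS.finditer(template_source)})


if __name__ == "__main__":
    print("unsafe, legit:    ", render_unsafe(LEGIT_TEMPLATE, name="admin"))
    print("unsafe, probe:    ", render_unsafe(PROBE_TEMPLATE))   # a subclass count
    print("sandboxed, probe: ", render_sandboxed(PROBE_TEMPLATE))
    print("as data, probe:   ", render_as_data(PROBE_TEMPLATE))
    print("indicators:       ", ssti_indicators(PROBE_TEMPLATE))
```

Run directly, the probe yields a subclass count under the plain Environment (interpreter internals reached), a SecurityError message under the sandbox, and its own text reproduced verbatim when passed as data. The sandbox is a mitigation, not a fix: it still lets a high-privilege user run template logic, and sandbox escapes have been found in the past, so the data-only design is the one to adopt where the product allows it. ssti_indicators is intended for log or WAF alerting on submitted templates, not as an input filter that replaces either fix.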


EUVD-2026-25660 vulnerability details – vuln.today
