Is there a public PoC exploit available for EUVD-2026-30700?

Yes, a public proof-of-concept exploit is available for EUVD-2026-30700. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for EUVD-2026-30700?

Yes, a patch is available for EUVD-2026-30700. Update the affected software to the latest version immediately.

AstrBot EUVD-2026-30700

Q: What is the CVSS score of EUVD-2026-30700?

EUVD-2026-30700 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-8754 LOW

Path Traversal (CWE-22)

2026-05-17 VulDB

GHSA-f63h-wc26-pmvc

Path Traversal File Upload

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 17, 2026 - 13:22 NVD

MEDIUM LOW

CVSS changed

May 17, 2026 - 13:22 NVD

6.3 (MEDIUM) 2.1 (LOW)

Source Code Evidence Fetched

May 17, 2026 - 13:00 vuln.today

Analysis Generated

May 17, 2026 - 13:00 vuln.today

DescriptionNVD

A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of the argument filename results in path traversal. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 4.23.6 is recommended to address this issue. The patch is identified as aaec41e5054569ceaa1113593a34da7568e2d211. You should upgrade the affected component.

AnalysisAI

Path traversal in AstrBot dashboard file upload allows authenticated remote attackers to write files outside intended directories via manipulated filenames. Affected versions through 4.23.5 fail to sanitize user-supplied filenames in the post_file function, enabling directory traversal sequences (../, ..\ ) to bypass access controls. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-30700 vulnerability details – vuln.today

Back