Skip to main content

AstrBot EUVDEUVD-2026-43237

| CVE-2026-15501 LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-12 VulDB GHSA-hhgm-hv3h-m233
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.0 MEDIUM

Network-reachable SSRF requiring low-privilege auth (PR:L); scope changes as server reaches internal systems (S:C); confidentiality impact only, no direct integrity/availability effect on the vulnerable system.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 12, 2026 - 13:22 NVD
MEDIUM LOW
CVSS changed
Jul 12, 2026 - 13:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 12, 2026 - 13:16 vuln.today

DescriptionCVE.org

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcp_server_config.url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Server-side request forgery in AstrBot's dashboard MCP Test Endpoint allows low-privileged authenticated users to coerce the server into issuing arbitrary HTTP requests via a manipulated mcp_server_config.url parameter. All AstrBot versions through 4.25.2 are affected via the ToolsRoute.test_mcp_connection function in astrbot/dashboard/routes/tools.py. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege AstrBot dashboard credentials
Delivery
Authenticate to AstrBot dashboard remotely
Exploit
Submit crafted internal URL to MCP Test Endpoint
Execution
Server issues HTTP request to internal target
Persist
Receive internal service response via dashboard
Impact
Enumerate internal network or exfiltrate cloud metadata

Vulnerability AssessmentAI

Exploitation Exploitation requires low-privilege authenticated access to the AstrBot web dashboard - the attacker must hold valid credentials for the dashboard interface. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N) scores 5.3, a medium severity reflecting constrained impact per affected metric. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege access to the AstrBot dashboard crafts an HTTP request to the MCP Test Endpoint, supplying an internal IP address or cloud metadata URL (e.g., `http://169.254.169.254/latest/meta-data/`) as the `mcp_server_config.url` value. The server issues the request on behalf of the attacker, returning internal service responses that can reveal cloud credentials, internal hostnames, or service banners. …
Remediation No vendor-released patch has been identified at time of analysis, and the vendor did not respond to disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-48957 HIGH POC
7.5 Jun 02

AstrBot versions 3.4.4 through 3.5.12 contain a path traversal vulnerability (CWE-23) in the dashboard feature that allo

CVE-2026-7579 MEDIUM POC
5.5 May 01

Hard-coded credentials in AstrBot Dashboard (versions ≤4.16.0) enable remote unauthenticated attackers to bypass authent

CVE-2026-6118 LOW POC
2.1 Apr 12

Command injection in AstrBot's MCP endpoint handler (add_mcp_server function) allows authenticated remote attackers to e

CVE-2026-10213 LOW POC
2.1 Jun 01

Path traversal in AstrBot 4.23.6 allows authenticated remote attackers to manipulate the Name parameter of the /api/skil

CVE-2026-10210 LOW POC
2.1 Jun 01

Injection in AstrBot 4.23.6 allows authenticated remote attackers to manipulate input through the `_sanitize_prompt_desc

CVE-2026-6117 LOW POC
2.1 Apr 12

AstrBot versions up to 4.22.1 allow authenticated remote attackers to bypass sandbox restrictions via malicious file upl

CVE-2026-10212 LOW POC
2.1 Jun 01

Authorization bypass in AstrBotDevs AstrBot 4.24.2 enables remote low-privilege authenticated attackers to manipulate th

CVE-2026-10211 LOW POC
2.1 Jun 01

Incorrect authorization in AstrBot 4.23.6 allows remote low-privileged attackers to bypass filesystem path restrictions

CVE-2026-8754 LOW POC
2.1 May 17

Path traversal in AstrBot dashboard file upload allows authenticated remote attackers to write files outside intended di

CVE-2026-6119 LOW POC
2.1 Apr 12

Server-side request forgery (SSRF) in AstrBot API endpoint post_data.get allows authenticated remote attackers to perfor

CVE-2026-15500 LOW POC
2.1 Jul 12

Server-side request forgery in AstrBot up to version 4.25.2 allows authenticated remote attackers to cause the server to

CVE-2026-15499 LOW POC
2.1 Jul 12

Improper authorization in AstrBot's Scheduled Task Handler allows a remote low-privileged user to bypass authorization c

Share

EUVD-2026-43237 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy