Skip to main content

AstrBot EUVDEUVD-2026-45315

| CVE-2026-16074 LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-17 VulDB GHSA-g69g-pch9-xj9r
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Network-reachable dashboard requires low-privilege auth (PR:L); SSRF yields limited read/request capability with no confirmed availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
Jul 17, 2026 - 21:22 NVD
MEDIUM LOW
CVSS changed
Jul 17, 2026 - 21:22 NVD
5.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
Jul 17, 2026 - 21:00 vuln.today
CVE Published
Jul 17, 2026 - 20:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function update_plugin/update_all_plugins of the file astrbot/dashboard/routes/plugin.py of the component Plugin Update Handler. The manipulation of the argument download_url/download_urls/proxy results in server-side request forgery. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Server-side request forgery in AstrBotDevs AstrBot up to version 4.25.2 allows authenticated low-privilege users to make the server issue arbitrary HTTP requests by injecting a malicious URL into the download_url, download_urls, or proxy arguments of the plugin update handler. The affected endpoint resides in astrbot/dashboard/routes/plugin.py within the update_plugin and update_all_plugins functions. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege dashboard credentials
Delivery
Craft plugin update request with internal URL as download_url or proxy
Exploit
AstrBot server issues HTTP request to attacker-specified target
Execution
Receive internal service response or metadata
Impact
Enumerate internal network resources

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with at least low-privilege access to the AstrBot dashboard - unauthenticated exploitation is not possible per the CVSS PR:L metric. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P) scores 5.3, reflecting medium severity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege access to the AstrBot dashboard sends a crafted POST request to the plugin update endpoint, substituting the download_url or proxy parameter with an internal URL such as http://169.254.169.254/latest/meta-data/ or an internal API endpoint. The AstrBot server fetches the attacker-specified URL and the response may be reflected or logged, allowing the attacker to enumerate internal services or extract cloud instance metadata. …
Remediation No vendor-released patch has been identified at time of analysis; the vendor did not respond to disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-48957 HIGH POC
7.5 Jun 02

AstrBot versions 3.4.4 through 3.5.12 contain a path traversal vulnerability (CWE-23) in the dashboard feature that allo

CVE-2026-7579 MEDIUM POC
5.5 May 01

Hard-coded credentials in AstrBot Dashboard (versions ≤4.16.0) enable remote unauthenticated attackers to bypass authent

CVE-2026-6118 LOW POC
2.1 Apr 12

Command injection in AstrBot's MCP endpoint handler (add_mcp_server function) allows authenticated remote attackers to e

CVE-2026-15501 LOW POC
2.1 Jul 12

Server-side request forgery in AstrBot's dashboard MCP Test Endpoint allows low-privileged authenticated users to coerce

CVE-2026-10213 LOW POC
2.1 Jun 01

Path traversal in AstrBot 4.23.6 allows authenticated remote attackers to manipulate the Name parameter of the /api/skil

CVE-2026-10210 LOW POC
2.1 Jun 01

Injection in AstrBot 4.23.6 allows authenticated remote attackers to manipulate input through the `_sanitize_prompt_desc

CVE-2026-6117 LOW POC
2.1 Apr 12

AstrBot versions up to 4.22.1 allow authenticated remote attackers to bypass sandbox restrictions via malicious file upl

CVE-2026-10212 LOW POC
2.1 Jun 01

Authorization bypass in AstrBotDevs AstrBot 4.24.2 enables remote low-privilege authenticated attackers to manipulate th

CVE-2026-10211 LOW POC
2.1 Jun 01

Incorrect authorization in AstrBot 4.23.6 allows remote low-privileged attackers to bypass filesystem path restrictions

CVE-2026-8754 LOW POC
2.1 May 17

Path traversal in AstrBot dashboard file upload allows authenticated remote attackers to write files outside intended di

CVE-2026-6119 LOW POC
2.1 Apr 12

Server-side request forgery (SSRF) in AstrBot API endpoint post_data.get allows authenticated remote attackers to perfor

CVE-2026-15500 LOW POC
2.1 Jul 12

Server-side request forgery in AstrBot up to version 4.25.2 allows authenticated remote attackers to cause the server to

Share

EUVD-2026-45315 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy