CVE-2026-10213
Description
A path traversal vulnerability in AstrBot 4.23.6 allows remote authenticated attackers to delete arbitrary directories via the /api/skills/delete endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A path traversal vulnerability exists in AstrBot version 4.23.6 within the /api/skills/delete API endpoint. The Name parameter is not properly sanitized, allowing an attacker to supply values containing ../ sequences to delete directories outside the intended skills directory. The vendor was contacted but did not respond [1].
Exploitation
An attacker must first authenticate to the AstrBot instance. The default credentials (astrbot / 77b90590a8945a7d36c963981a307dc9) are used in the public proof-of-concept [1]. After obtaining a valid token via /api/auth/login, the attacker sends a POST request to /api/skills/delete with a crafted Name parameter containing path traversal sequences (e.g., ../../../data/poc_target_exploit). No additional user interaction is required [1].
Impact
Successful exploitation allows the attacker to delete arbitrary directories on the server. The public PoC demonstrates deletion of a directory under /root/project/, which could lead to data loss or denial of service. No file read, write, or code execution capabilities are indicated by the available references [1].
Mitigation
No official patch or vendor response has been published as of the disclosure date. Users should restrict network access to the AstrBot API, change default credentials immediately, and monitor logs for unauthorized /api/skills/delete requests. If the endpoint is not required, it should be disabled or blocked at the network level [1].
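As an added illustration of the fix side of this report (example code, not AstrBot's own), the following Python shows the containment check a skill-deletion handler needs before it removes a directory named by a client: the skill name must map to a direct child of the skills directory once the path is canonicalised. The skills directory location and the function names are assumptions.

```python
from pathlib import Path
from typing import Optional

# Assumed location of the skills directory; AstrBot's real path may differ.
SKILLS_DIR = Path("/opt/astrbot/data/skills")


def resolve_skill_dir(name: str, base: Path = SKILLS_DIR) -> Optional[Path]:
    """Map a client-supplied skill name to the directory it may delete.

    Returns None whenever the name would not land on a direct child of
    `base`: empty or dot names, names carrying path separators, absolute
    paths, and '../' sequences that escape the skills directory.
    """
    if not name or name in (".", ".."):
        return None
    # Allowlist shape: a skill is one directory name, never a path.
    # Joining an absolute path would silently discard `base`.
    if "/" in name or "\\" in name or Path(name).is_absolute():
        return None
    base_resolved = base.resolve()
    # resolve() collapses '..' lexically and follows existing symlinks,
    # so the comparison below is on canonical paths, not raw strings.
    candidate = (base_resolved / name).resolve()
    # Defence in depth: the canonical target must sit directly under base.
    if candidate.parent != base_resolved:
        return None
    return candidate


def delete_skill(name: str, base: Path = SKILLS_DIR, dry_run: bool = True) -> bool:
    """Delete the skill directory for `name`; False if the name is rejected.

    dry_run=True (default) only reports the decision, so the example can be
    exercised without touching the filesystem.
    """
    target = resolve_skill_dir(name, base)
    if target is None:
        return False
    if not dry_run:
        import shutil
        shutil.rmtree(target)
    return True


if __name__ == "__main__":
    # Constructed inputs: one legitimate name and the traversal shape
    # described in the Exploitation section above.
    for n in ("weather", "../../../data/poc_target_exploit", "/etc", "a/b"):
        print(f"{n!r:40} -> {resolve_skill_dir(n)}")
```

Only the first name resolves; every other input is rejected before any filesystem call is made.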
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: = 4.23.6
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.