Medium severity6.3NVD Advisory· Published Apr 12, 2026· Updated Apr 29, 2026

CVE-2026-6117

Description

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

AstrBotDevs/Astrbotreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/AstrBotDevs/AstrBot/issues/7168nvd
vuldb.com/submit/792653nvd
vuldb.com/vuln/356977nvd
vuldb.com/vuln/356977/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000