Medium severity6.3NVD Advisory· Published Apr 12, 2026· Updated Apr 29, 2026

CVE-2026-6119

Description

A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

AstrBotDevs/Astrbotreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/AstrBotDevs/AstrBot/issues/7171nvd
vuldb.com/submit/792661nvd
vuldb.com/vuln/356979nvd
vuldb.com/vuln/356979/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000