VYPR

Astrbot

by AstrBotDevs

pypi: astrbot

CVEs (9)

  • CVE-2026-10212 | Med | Jun 1, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument session_id leads to authorization bypass. It is possible to launch the attack remotely. The…

  • CVE-2026-10211 | Med | Jun 1, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The…

  • CVE-2026-10210 | Med | Jun 1, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be performed remotely. The exploit has…

  • CVE-2026-10213 | Med | Jun 1, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated…

  • CVE-2026-6119 | Med | Apr 12, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed remotely. The exploit is publicly…

  • CVE-2026-6118 | Med | Apr 12, 2026
    risk 0.34 | cvss 6.3 | epss 0.02

    A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to…

  • CVE-2026-6117 | Med | Apr 12, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The…

  • CVE-2026-6984 | Med | Apr 25, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a…

  • CVE-2025-48957 | Jun 2, 2025
    risk 0.00 | cvss | epss 0.01

    AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has…