Astrbotdevs Astrbot
11 CVEs affecting Astrbotdevs Astrbot. Latest disclosed: 2026-06-01. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-48957 | High | 7.5 | 2025-06-02 | AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to inform… |
| CVE-2026-7579 | High | 7.3 | 2026-05-01 | A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes… |
| CVE-2026-10212 | Medium | 6.3 | 2026-06-01 | A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manip… |
| CVE-2026-10211 | Medium | 6.3 | 2026-06-01 | A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function _normalize_rw_path of the file astrbot/core/tools/computer… |
| CVE-2026-10210 | Medium | 6.3 | 2026-06-01 | A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/s… |
| CVE-2026-8754 | Medium | 6.3 | 2026-05-17 | A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the compon… |
| CVE-2026-6119 | Medium | 6.3 | 2026-04-12 | A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such mani… |
| CVE-2026-6118 | Medium | 6.3 | 2026-04-12 | A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of th… |
| CVE-2026-6117 | Medium | 6.3 | 2026-04-12 | A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugi… |
| CVE-2026-10213 | Medium | 5.4 | 2026-06-01 | A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API… |
| CVE-2026-6984 | Medium | 4.7 | 2026-04-25 | A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py… |