CVE-2026-6117

Summary

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
AstrBotDevsAstrBot4.22.0affected
AstrBotDevsAstrBot4.22.1affected

Weaknesses

  • CWE-265: Sandbox Issue
  • CWE-264: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References