CVE-2026-7579

Summary

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
AstrBotDevsAstrBot4.0affected
AstrBotDevsAstrBot4.1affected
AstrBotDevsAstrBot4.2affected
AstrBotDevsAstrBot4.3affected
AstrBotDevsAstrBot4.4affected
AstrBotDevsAstrBot4.5affected
AstrBotDevsAstrBot4.6affected
AstrBotDevsAstrBot4.7affected
AstrBotDevsAstrBot4.8affected
AstrBotDevsAstrBot4.9affected
AstrBotDevsAstrBot4.10affected
AstrBotDevsAstrBot4.11affected
AstrBotDevsAstrBot4.12affected
AstrBotDevsAstrBot4.13affected
AstrBotDevsAstrBot4.14affected
AstrBotDevsAstrBot4.15affected
AstrBotDevsAstrBot4.16.0affected

Weaknesses

  • CWE-798: Hard-coded Credentials
  • CWE-259: Use of Hard-coded Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References