Astrbot

This hub aggregates every CVE we track for Astrbot, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 14 most recently published vulnerabilities affecting Astrbot.

• CVE-2026-10213AstrBotDevs AstrBot API Endpoint delete path traversal5.4Jun 1, 2026
• CVE-2026-10212AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization6.3Jun 1, 2026
• CVE-2026-10211AstrBotDevs AstrBot fs.py _normalize_rw_path authorization6.3Jun 1, 2026
• CVE-2026-10210AstrBotDevs AstrBot skill_manager.py _sanitize_prompt_description injection6.3Jun 1, 2026
• CVE-2026-8754AstrBotDevs AstrBot File Upload chat.py post_file path traversal6.3May 17, 2026
• CVE-2025-55449AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.7.3May 8, 2026
• CVE-2026-7579AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials7.3May 1, 2026
• CVE-2026-6984AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine4.7Apr 25, 2026
• CVE-2026-6119AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery6.3Apr 12, 2026
• CVE-2026-6118AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection6.3Apr 12, 2026
• CVE-2026-6117AstrBotDevs AstrBot install-upload Endpoint plugin.py install_plugin_upload sandbox6.3Apr 12, 2026
• CVE-2025-57697AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user i...6.5Nov 7, 2025
• CVE-2025-57698AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body ...7.5Nov 7, 2025
• CVE-2025-48957AstrBot Has Path Traversal Vulnerability in /api/chat/get_file7.5Jun 2, 2025