PT-2026-32149 · Astrbot · Astrbot

Yu_Bao · Published 2026-04-12 · Updated 2026-04-12

CVE-2026-6117

CVSS v2.0 · 6.5 · Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

AstrBot versions up to 4.22.1

Description

A security issue exists in AstrBotDevs AstrBot up to version 4.22.1. The install plugin upload function within the astrbot/dashboard/routes/plugin.py file is susceptible to a sandbox issue due to manipulation of the File argument. This issue can be exploited remotely. The exploit has been publicly disclosed.

Recommendations

Versions prior to 4.22.1 should be used.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-6117

Affected Products

Astrbot