CVE-2026-6984

Name of the Vulnerable Software and Affected Versions AstrBotDevs AstrBot versions prior to 4.22.2

Description A flaw in the Dashboard API component allows remote attackers to exploit improper neutralization of special elements used in a template engine. This occurs within the create template() function located in the astrbot/dashboard/routes/t2i.py file.

Recommendations As a temporary workaround, consider restricting access to the create template() function in the astrbot/dashboard/routes/t2i.py file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.