CVE-2026-7579

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions AstrBotDevs AstrBot versions prior to 4.16.1

Description The Dashboard component contains hard-coded credentials within the file astrbot/dashboard/routes/auth.py. This flaw allows a remote attacker to gain unauthorized access to the system.

Recommendations Update to a version later than 4.16.0. Restrict access to the astrbot/dashboard/routes/auth.py authentication routes to minimize the risk of unauthorized access.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-259CWE-798

Related Identifiers

CVE-2026-7579

GHSA-MQ9Q-25HM-G4GP

Affected Products

Astrbot

CVE-2026-7579

Weakness Enumeration

Related Identifiers

Affected Products

References · 11