PT-2026-45243 · Astrbotdevs · Astrbot
Eric-A · Published 2026-06-01 · Updated 2026-06-01 · CVE-2026-10211
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
AstrBotDevs AstrBot version 4.23.6
Description
An issue exists in the normalize_rw_path() function within the astrbot/core/tools/computer_tools/fs.py file. This flaw allows for incorrect authorization and can be triggered remotely.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting the use of the normalize_rw_path() function to minimize the risk of exploitation.
Exploit
Incorrect Authorization
Improper Authorization
Related Identifiers
Affected Products
Astrbot