PT-2026-45244 · Astrbotdevs · Astrbot

Eric-A · Published 2026-06-01 · Updated 2026-06-01 · CVE-2026-10212

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: AstrBotDevs AstrBot version 4.24.2

Description: An authorization bypass exists that can be triggered remotely. The issue occurs within the astr_main_agent() function located in the astrbot/core/astr_main_agent.py file, where manipulation of the session_id argument allows an attacker to bypass security checks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the astr_main_agent() function or monitor the session_id argument for suspicious manipulation.
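The workaround above amounts to two controls: refuse a session_id the caller does not own, and alert when one caller keeps presenting other people's session ids. The following is an added illustration of both, not AstrBot's code; the session store, the caller names and the "caller=… session_id=…" log format are constructed assumptions standing in for the real agent entry point.

```python
from collections import defaultdict

# Constructed assumption: which authenticated principal owns each agent session.
SESSION_OWNERS = {"sess-1001": "alice", "sess-1002": "alice", "sess-2001": "bob"}


class AuthorizationError(Exception):
    """Raised when a caller asks for a session it does not own."""


def authorize_session(caller: str, session_id: str) -> str:
    """Return session_id only if it exists and belongs to caller.

    Without this check a caller can pass any session_id and reach another
    user's session (IDOR). Unknown ids fail the same way as foreign ones, so
    the error does not reveal which ids exist.
    """
    if SESSION_OWNERS.get(session_id) != caller:
        raise AuthorizationError(f"{caller} may not use session {session_id}")
    return session_id


def flag_session_probing(log_lines, threshold: int = 2):
    """Return callers that touched at least `threshold` sessions they do not own.

    Each line is a constructed access-log record: "caller=<id> session_id=<id>".
    A single mistyped id is noise; several foreign ids from one caller is the
    pattern worth alerting on.
    """
    foreign = defaultdict(set)
    for line in log_lines:
        fields = dict(part.split("=", 1) for part in line.split())
        caller, session_id = fields["caller"], fields["session_id"]
        if SESSION_OWNERS.get(session_id) != caller:
            foreign[caller].add(session_id)
    return {c: sorted(s) for c, s in foreign.items() if len(s) >= threshold}


# Constructed sample log: bob asks for alice's sessions and an unknown id.
SAMPLE_LOG = [
    "caller=alice session_id=sess-1001",
    "caller=bob session_id=sess-2001",
    "caller=bob session_id=sess-1001",
    "caller=bob session_id=sess-1002",
    "caller=bob session_id=sess-9999",
]

if __name__ == "__main__":
    print(flag_session_probing(SAMPLE_LOG))  # {'bob': ['sess-1001', 'sess-1002', 'sess-9999']}
```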

Exploit

IDOR

Improper Authorization


Weakness Enumeration

Related Identifiers: CVE-2026-10212

Affected Products: Astrbot