PT-2026-60922 · Astrbot · Astrbot

·

CVE-2026-16077

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v3.1

5.3

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions AstrBot versions prior to 4.25.6
Description An issue exists in the Filesystem Computer-Use Tool within the normalize rw path() function of the astrbot/core/tools/computer tools/fs.py file. A local attacker can perform a manipulation that results in link following, which occurs when the software follows a symbolic link to access a file or directory outside the intended scope.
Recommendations Update to a version newer than 4.25.5. As a temporary mitigation, restrict local access to the system to prevent exploitation of the normalize rw path() function.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-16077

Affected Products

Astrbot