Browse all 6 CVE security advisories affecting AstrBotDevs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
AstrBotDevs develops an AI chatbot management platform primarily used for automating customer interactions and support services. Historically, their software has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. The project maintains six CVE records, with several critical issues allowing unauthorized system access and data exfiltration. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in web interfaces and API endpoints suggests ongoing challenges in secure coding practices, particularly in handling user-supplied data and access control mechanisms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7579 | AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials — AstrBotCWE-798 | 7.3 | High | 2026-05-01 |
| CVE-2026-6984 | AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine — AstrBotCWE-1336 | 4.7 | Medium | 2026-04-25 |
| CVE-2026-6119 | AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery — AstrBotCWE-918 | 6.3 | Medium | 2026-04-12 |
| CVE-2026-6118 | AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection — AstrBotCWE-77 | 6.3 | Medium | 2026-04-12 |
| CVE-2026-6117 | AstrBotDevs AstrBot install-upload Endpoint plugin.py install_plugin_upload sandbox — AstrBotCWE-265 | 6.3 | Medium | 2026-04-12 |
| CVE-2025-48957 | AstrBot Has Path Traversal Vulnerability in /api/chat/get_file — AstrBotCWE-23 | 7.5 | High | 2025-06-02 |
This page lists every published CVE security advisory associated with AstrBotDevs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.