Browse all 6 CVE security advisories affecting CBOT. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CBOT is an open-source cryptocurrency trading bot designed to automate trading strategies across multiple exchanges. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure API integrations. The platform's architecture exposes risks through its plugin system and third-party dependencies. While no major public security incidents have been widely documented, its six recorded CVEs highlight ongoing concerns about secure coding practices. Users should implement strict network segmentation and regular updates to mitigate potential exploitation risks, particularly given the bot's direct access to trading accounts and sensitive financial data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-2887 | User Authentication Bypass in CBOT's Chatbot — ChatbotCWE-290 | 9.8 | Critical | 2023-05-25 |
| CVE-2023-2886 | Cross-Site WebSocket Hijacking in CBOT's Chatbot — ChatbotCWE-1385 | 4.3 | Medium | 2023-05-25 |
| CVE-2023-2885 | Channel Accessible by Non-Endpoint in CBOT's Chatbot — ChatbotCWE-924 | 8.1 | High | 2023-05-25 |
| CVE-2023-2884 | Insecure Randomness in CBOT's Chatbot — ChatbotCWE-338 | 9.8 | Critical | 2023-05-25 |
| CVE-2023-2883 | IDOR in CBOT's Chatbot — ChatbotCWE-639 | 8.8 | High | 2023-05-25 |
| CVE-2023-2882 | Privilege Escalation in CBOT's Chatbot — ChatbotCWE-1270 | 9.8 | Critical | 2023-05-25 |
This page lists every published CVE security advisory associated with CBOT. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.