CVE-2026-10211

6.3 MEDIUM

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6

Published: 2026-06-01 · Last updated: 2026-06-01

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-285, CWE-863

Description

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10211
[Other]https://gist.github.com/YLChen-007/b5e4671ff68e4f9001d977180ef4f081
[Other]https://vuldb.com/cve/CVE-2026-10211
[Other]https://vuldb.com/submit/821921
[Other]https://vuldb.com/vuln/367490
[Other]https://vuldb.com/vuln/367490/cti

Related CVEs

Same CWE

CVE-2026-47777 — Mastodon is a free, open-source social network server based on ActivityPub (7.5 HIGH)
CVE-2016-20075 — WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor... (8.8 HIGH)
CVE-2026-34023 — The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket...
CVE-2026-12213 — A vulnerability was found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
CVE-2026-12204 — A vulnerability was determined in ShopXO up to 6.7.1 (7.3 HIGH)