CVE-2026-10212

6.3 MEDIUM

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2

Published: 2026-06-01 · Last updated: 2026-06-01

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-285, CWE-639

Description

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument session_id leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10212
[Other]https://gist.github.com/YLChen-007/91a7f955143099e1747424707dfad0f9
[Other]https://vuldb.com/cve/CVE-2026-10212
[Other]https://vuldb.com/submit/821923
[Other]https://vuldb.com/vuln/367491
[Other]https://vuldb.com/vuln/367491/cti

Related CVEs

Same CWE

CVE-2026-12213 — A vulnerability was found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
CVE-2026-12204 — A vulnerability was determined in ShopXO up to 6.7.1 (7.3 HIGH)
CVE-2026-12190 — A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android (5.3 MEDIUM)
CVE-2026-12189 — A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android (5.3 MEDIUM)
CVE-2026-1291 — The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST AP... (4.3 MEDIUM)