AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery_CVE-2026-6119

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-6119

Source VulDB

Published Apr 12, 2026 at 05:00

Affected Product

Vendor AstrBotDevs

Product AstrBot

Version 4.22.0

Affected Versions AstrBotDevs AstrBot 4.22.0
AstrBotDevs AstrBot 4.22.1

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-04-12T05:00:20.093Z",
    "modified": "2026-04-12T05:00:20.093Z",
    "type": "cve",
    "title": "AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/356979\nhttps://vuldb.com/vuln/356979/cti\nhttps://vuldb.com/submit/792661\nhttps://github.com/AstrBotDevs/AstrBot/issues/7171\nhttps://github.com/AstrBotDevs/AstrBot/",
    "id": "CVE-2026-6119",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "AstrBotDevs AstrBot 4.22.0\nAstrBotDevs AstrBot 4.22.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AstrBot",
    "version": "4.22.0",
    "vendor": "AstrBotDevs",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}