AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization_CVE-2026-10212

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument session_id leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-10212

Source VulDB

Published Jun 1, 2026 at 01:30

Affected Product

Vendor AstrBotDevs

Product AstrBot

Version 4.24.2

Affected Versions AstrBotDevs AstrBot 4.24.2

CWE Classification

CWE-639 CWE-285

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument session_id leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-06-01T01:30:10.133Z",
    "modified": "2026-06-01T01:30:10.133Z",
    "type": "cve",
    "title": "AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367491\nhttps://vuldb.com/vuln/367491/cti\nhttps://vuldb.com/cve/CVE-2026-10212\nhttps://vuldb.com/submit/821923\nhttps://gist.github.com/YLChen-007/91a7f955143099e1747424707dfad0f9",
    "id": "CVE-2026-10212",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639",
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "AstrBotDevs AstrBot 4.24.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AstrBot",
    "version": "4.24.2",
    "vendor": "AstrBotDevs",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}