CVE-2026-6118
Published 2026-04-12

CVE-2026-6118: A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of…
Priority: P3 (58) · Severity: medium · CVSS 3.1 base score: 6.3
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploit: available
EPSS: 2.30% (81.2nd percentile)
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| astrbotdevs | astrbot | — | — |
| astrbotdevs | astrbot | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| NVD | 4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| NVD | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA
GHSA-g599-67fp-qhgv: A vulnerability was determined in AstrBotDevs AstrBot up to 4
GHSA (unreviewed) · 2026-04-12
CVE-2026-6118 [MEDIUM] CWE-74 GHSA-g599-67fp-qhgv: A vulnerability was determined in AstrBotDevs AstrBot up to 4
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. The project was informed of the problem early through an issue report but has not responded yet.
VulDB
AstrBotDevs AstrBot up to 4.22.1 MCP Endpoint tools.py add_mcp_server command command injection (Issue 7169)
VulDB · 2026-04-11 · CVSS 5.3
CVE-2026-6118 [MEDIUM] AstrBotDevs AstrBot up to 4.22.1 MCP Endpoint tools.py add_mcp_server command command injection (Issue 7169)
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. It has been classified as critical. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection.
This vulnerability is tracked as CVE-2026-6118. The attack can be carried out remotely. Moreover, an exploit is present.
The project was informed of the problem early through an issue report but has not responded yet.
No detection rules found.
Nuclei
AstrBot <= 4.22.1 - Command Injection
Nuclei · CVSS 5.3
CVE-2026-6118 [MEDIUM] AstrBot <= 4.22.1 - Command Injection
AstrBot <= 4.22.1 - Command Injection
AstrBot versions up to and including 4.22.1 contain a command injection vulnerability in the MCP server configuration endpoint. The /api/tools/mcp/add endpoint accepts arbitrary command and args fields that are passed directly to subprocess execution during the connection test, without any validation or allowlist enforcement. An attacker with dashboard access can execute arbitrary system commands with AstrBot process privileges.
Template:

```yaml
id: CVE-2026-6118
info:
  name: AstrBot <= 4.22.1 - Command Injection
  author: jyoti369
  severity: high
  description: |
    AstrBot versions up to and including 4.22.1 contain a command injection vulnerability in the MCP server configuration endpoint. The /api/tools/mcp/add endpoint accepts arbitrary command and args field
```
No writeups or analysis indexed.
Published: 2026-04-12