CVE-2026-6119
published 2026-04-12
Priority: P3 · 43 · medium · 6.3 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.26% (17.0th percentile)
A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| astrbotdevs | astrbot | — | — |
| astrbotdevs | astrbot | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA
GHSA-m686-8xw7-xqg8: A vulnerability was identified in AstrBotDevs AstrBot up to 4
ghsa_unreviewed·2026-04-12
CVE-2026-6119 [MEDIUM] CWE-918 GHSA-m686-8xw7-xqg8: A vulnerability was identified in AstrBotDevs AstrBot up to 4
VulDB
AstrBotDevs AstrBot up to 4.22.1 API Endpoint post_data.get server-side request forgery (Issue 7171)
vuldb·2026-04-11·CVSS 5.3
CVE-2026-6119 [MEDIUM] AstrBotDevs AstrBot up to 4.22.1 API Endpoint post_data.get server-side request forgery (Issue 7171)
A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. It has been declared as critical. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery.
This vulnerability is listed as CVE-2026-6119. The attack may be performed from remote. In addition, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
No detection rules found.
No public exploits indexed.
Published: 2026-04-12