No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Sat, 18 Jul 2026 04:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.get_chat_sessions of the file astrbot/dashboard/routes/open_api.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| Title | AstrBotDevs AstrBot session-listing Endpoint open_api.py OpenApiRoute.get_chat_sessions authorization | |
| First Time appeared |
Astrbot
Astrbot astrbot |
|
| Weaknesses | CWE-285 CWE-639 |
|
| CPEs | cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Astrbot
Astrbot astrbot |
|
| References |
| |
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-18T04:00:08.494Z
Reserved: 2026-07-17T13:39:26.049Z
Link: CVE-2026-16075
No data.
No data.
No data.
OpenCVE Enrichment
No data.