CVE-2026-6117 | AstrBotDevs AstrBot up to 4.22.1 install-upload Endpoint plugin.py install_plugin_upload File sandbox (Issue 7168)

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1 and classified as critical. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue.

This vulnerability is identified as CVE-2026-6117. The attack can be executed remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-6117 | AstrBotDevs AstrBot up to 4.22.1 install-upload Endpoint plugin.py install_plugin_upload File sandbox (Issue 7168)

Post correlati

CVE-2024-12362 | InvoicePlane up to 1.6.1 invoices.php download invoice path traversal

CVE-2025-14867 | liangshao Flashcard Plugin for WordPress up to 0.9 on WordPress Shortcode flashcard path traversal

CVE-2025-62246 | Liferay Portal/DXP cross site scripting

CVE-2024-12273 | Calculated Fields Form Plugin up to 5.2.61 on WordPress Setting cross site scripting