CVE-2026-10210 | AstrBotDevs AstrBot 4.23.6 skill_manager.py _sanitize_prompt_description injection

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability, which was classified as critical, was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection.

This vulnerability was named CVE-2026-10210. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-10210 | AstrBotDevs AstrBot 4.23.6 skill_manager.py _sanitize_prompt_description injection

Post correlati

CVE-2025-7898 | Codecanyon iDentSoft 2.0 Account Setting Page updateSetting photo unrestricted upload

CVE-2024-33629 | Creative Motion Auto Featured Image Plugin up to 4.0.0 on WordPress server-side request forgery

CVE-2025-5434 | Aem Solutions CMS up to 1.0 /page.php ID sql injection

CVE-2026-33693 | activitypub_federation v4_is_invalid server-side request forgery