CVE-2026-10211 | AstrBotDevs AstrBot 4.23.6 fs.py _normalize_rw_path authorization

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability has been found in AstrBotDevs AstrBot 4.23.6 and classified as critical. Affected by this issue is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py. This manipulation causes incorrect authorization.

The identification of this vulnerability is CVE-2026-10211. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-10211 | AstrBotDevs AstrBot 4.23.6 fs.py _normalize_rw_path authorization

Post correlati

CVE-2025-22905 | RE11S 1.11 /goform/mp command command injection

CVE-2025-15535 | nicbarker clay up to 0.14 clay.h Clay__MeasureTextCached null pointer dereference (Issue 566)

CVE-2023-46566 | msoulier tftpy 467017b844bf6e31745138a30e2509145b0c529c TftpPacketFactory buffer overflow

CVE-2023-52137 | tj-actions verify-changed-files up to 16.x input validation (GHSA-ghm2-rq8q-wrhc)