CVE-2026-10212 | AstrBotDevs AstrBot 4.24.2 astr_main_agent.py astr_main_agent session_id authorization

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability was found in AstrBotDevs AstrBot 4.24.2 and classified as critical. This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py. Such manipulation of the argument session_id leads to authorization bypass.

This vulnerability is referenced as CVE-2026-10212. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-10212 | AstrBotDevs AstrBot 4.24.2 astr_main_agent.py astr_main_agent session_id authorization

Post correlati

CVE-2025-24924 | GMOD Apollo up to 2.7.x missing authentication (icsa-25-063-07)

CVE-2024-9294 | dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c saveNewPwd.php username sql injection

CVE-2023-50808 | Zimbra Collaboration Suite up to 9.0.0 Patch 37 Modern UI cross site scripting

CVE-2024-25850 | Netis WF2780 2.1.40144 wps_ap_ssid5g command injection