CVE-2026-10210 | AstrBotDevs AstrBot 4.23.6 skill_manager.py _sanitize_prompt_description injection

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability, which was classified as critical, was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection.

This vulnerability was named CVE-2026-10210. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-10210 | AstrBotDevs AstrBot 4.23.6 skill_manager.py _sanitize_prompt_description injection

Post correlati

CVE-2024-5117 | SourceCodester Event Registration System 1.0 portal.php username/password sql injection

CVE-2021-47129 | Linux Kernel up to 5.4.124/5.10.42/5.12.9 Netfilter nf_conntrack_extend.c nft_ct_expect_obj_eval Privilege Escalation

CVE-2022-49867 | Linux Kernel up to 5.15.78/6.0.8 free_netdev memory leak

CVE-2025-5257 | Mautic up to 6.0.1/5.4.5/4.4.15 /page/preview/1 improper validation of specified quantity in input (GHSA-cqx4-9vqf-q3m8)