CVE-2026-10213 | AstrBotDevs AstrBot 4.23.6 API Endpoint /api/skills/delete Name path traversal

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability was found in AstrBotDevs AstrBot 4.23.6. It has been classified as critical. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal.

This vulnerability is identified as CVE-2026-10213. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-10213 | AstrBotDevs AstrBot 4.23.6 API Endpoint /api/skills/delete Name path traversal

Post correlati

CVE-2024-47183 | parse-community parse-server up to 6.5.8/7.2.x improper authorization (GHSA-8xq9-g7ch-35hg)

CVE-2024-8352 | Social Web Suite Plugin up to 4.1.11 on WordPress path traversal

CVE-2025-54124 | xwiki-platform up to 16.4.6/16.10.4/17.1.x Password Hash exposure of private personal information to an unauthorized actor (GHSA-r38m-cgpg-qj69)

CVE-2024-10522 | seb-emendo Co-marquage service-public.fr Plugin up to 0.5.76 on WordPress add_query_arg cross site scripting