No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Sun, 12 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online_plugins of the file astrbot/dashboard/routes/plugin.py of the component market_list Endpoint. Executing a manipulation of the argument custom_registry can lead to server-side request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |
| Title | AstrBotDevs AstrBot market_list Endpoint plugin.py get_online_plugins server-side request forgery | |
| First Time appeared |
Astrbot
Astrbot astrbot |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Astrbot
Astrbot astrbot |
|
| References |
| |
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-12T12:00:07.716Z
Reserved: 2026-07-11T12:41:58.125Z
Link: CVE-2026-15500
No data.
No data.
No data.
OpenCVE Enrichment
No data.