No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Sat, 18 Jul 2026 06:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chat_send of the file astrbot/dashboard/routes/open_api.py of the component API. Such manipulation of the argument Username leads to authentication bypass by spoofing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| Title | AstrBotDevs AstrBot API open_api.py OpenApiRoute.chat_send authentication spoofing | |
| First Time appeared |
Astrbot
Astrbot astrbot |
|
| Weaknesses | CWE-287 CWE-290 |
|
| CPEs | cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Astrbot
Astrbot astrbot |
|
| References |
| |
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-18T05:30:08.451Z
Reserved: 2026-07-17T13:39:29.721Z
Link: CVE-2026-16076
No data.
No data.
No data.
OpenCVE Enrichment
No data.