CVE-2026-16076
AstrBot up to version 4.25.5 is affected by CVE-2026-16076. The vulnerability occurs in OpenApiRoute.chat_send (astrbot/dashboard/routes/open_api.py) where manipulation of the Username argument leads to authentication bypass by spoofing. The issue is exploitable remotely, the exploit is publicly ...