Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/04/14 7:24 p.m.8 views

CVE-2026-6118

A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function addmcpserver of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out...

6.5CVSS6.3AI score0.02304EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/12 6:30 a.m.7 views

EUVD-2026-21712

A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function addmcpserver of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out...

6.5CVSS5.5AI score0.02304EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/12 6:2 a.m.5 views

Arbitrary Code Injection

Overview AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Arbitrary Code Injection via the addmcpserver function in the MCP Endpoint component when processing untrusted input in the command argument. An attacker can execute arbitrary system commands by...

8.8CVSS6.8AI score0.02304EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/12 4:45 a.m.3 views

CVE-2026-6118

A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function addmcpserver of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out...

6.5CVSS6.3AI score0.02304EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/12 4:45 a.m.3 views

CVE-2026-6118 AstrBotDevs AstrBot MCP Endpoint tools.py add_mcp_server command injection

A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function addmcpserver of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out...

6.5CVSS6.3AI score0.02304EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.7 views

PT-2026-32150

Name of the Vulnerable Software and Affected Versions AstrBot versions up to 4.22.1 Description A command injection issue exists in AstrBotDevs AstrBot up to version 4.22.1. The add mcp server function within the astrbot/dashboard/routes/tools.py file, part of the MCP Endpoint component, is...

6.5CVSS6.5AI score0.02304EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.10 views

AstrBot 命令注入漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Versions of AstrBot 4.22.1 and earlier contained a command injection vulnerability. This vulnerability stemmed from the improper handling of the command parameter in the addmcpserver function within...

6.5CVSS6.6AI score0.02304EPSS
Exploits0References6
Rows per page
Query Builder