2 matches found
CVE-2026-16075 AstrBotDevs AstrBot session-listing Endpoint open_api.py OpenApiRoute.get_chat_sessions authorization
A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.getchatsessions of the file astrbot/dashboard/routes/openapi.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It is...
CVE-2026-16075
CVE-2026-16075 affects AstrBotDevs AstrBot up to 4.25.5. The flaw is in the function OpenApiRoute.get_chat_sessions (file astrbot/dashboard/routes/open_api.py) of the session-listing Endpoint. By manipulating the Username argument, an authorization bypass is possible, and the issue can be exploit...