CVE-2026-15501
CVE-2026-15501 affects AstrBot (up to version 4.25.2). The vulnerability is in the function ToolsRoute.test_mcp_connection (astrbot/dashboard/routes/tools.py, MCP Test Endpoint), where manipulating mcp_server_config.url leads to server-side request forgery (SSRF). The attack is remotely exploitab...