A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chat_send of the file astrbot/dashboard/routes/open_api.py of the component API. Such manipulation of the argument Username leads to authentication bypass by spoofing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
Affected Vendors & Products
References
History
Sat, 18 Jul 2026 06:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability has been found in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chat_send of the file astrbot/dashboard/routes/open_api.py of the component API. Such manipulation of the argument Username leads to authentication bypass by spoofing. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| Title | AstrBotDevs AstrBot API open_api.py OpenApiRoute.chat_send authentication spoofing | |
| First Time appeared |
Astrbot
Astrbot astrbot |
|
| Weaknesses | CWE-287 CWE-290 |
|
| CPEs | cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Astrbot
Astrbot astrbot |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-18T05:30:08.451Z
Reserved: 2026-07-17T13:39:29.721Z
Link: CVE-2026-16076
No data.
No data.
No data.
OpenCVE Enrichment
No data.