PatchSiren cyber security CVE debrief
CVE-2026-10212 AstrBotDevs CVE debrief
A low-severity authorization bypass vulnerability in AstrBot 4.24.2 allows remote attackers to bypass authorization controls by manipulating the session_id argument in the astr_main_agent function of astrbot/core/astr_main_agent.py. The CVSS 4.0 score of 2.1 reflects limited privileges required and low impact on confidentiality, integrity, and availability. The exploit has been publicly disclosed via a GitHub Gist, and the vendor was reportedly contacted but did not respond. No CISA KEV listing or known ransomware campaign use has been identified.
- Vendor: AstrBotDevs
- Product: AstrBot
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-01
- Original CVE updated: 2026-06-01
- Advisory published: 2026-06-01
- Advisory updated: 2026-06-01
Who should care
Organizations self-hosting AstrBot 4.24.2 instances, particularly those exposed to untrusted networks or multi-user environments where session isolation is critical. It is also relevant to security teams monitoring for authorization bypass vulnerabilities in Python-based chatbot or agent frameworks.
Technical summary
The astr_main_agent function in AstrBot 4.24.2 fails to properly validate or authorize session_id arguments, enabling an attacker with low privileges to bypass authorization controls remotely. The vulnerability is located in astrbot/core/astr_main_agent.py. A publicly available exploit demonstrates the attack. The CVSS 4.0 score of 2.1 (LOW) reflects the limited scope of impact and privileges required. No patch is currently available from the vendor.
Defensive priority
low
Recommended defensive actions
- Review and validate session_id handling in astrbot/core/astr_main_agent.py to ensure proper authorization checks are enforced before processing requests
- Implement server-side session validation that binds session identifiers to authenticated user contexts and rejects unauthorized session_id manipulations
- Consider applying input validation and sanitization for session_id parameters to prevent injection or spoofing attempts
- Monitor for an official vendor patch or community fix given the vendor's non-response to disclosure; evaluate temporary access controls or WAF rules if self-hosting
- Assess exposure of AstrBot instances to untrusted networks and restrict network access where possible until remediation
- Review logs for anomalous session_id values or unauthorized access patterns that may indicate exploitation attempts
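The following is an added example, not AstrBot's own code, illustrating the class of flaw described in the technical summary and the session-binding and log-review actions above: a session store that generates identifiers server-side, a hardened lookup that only returns a session to the authenticated user who owns it (beside the unchecked lookup that trusts the client-supplied session_id alone), and a scan of the resulting audit records for session_ids presented by more than one user or repeatedly denied. The store, handler names, user names and audit record layout are assumptions for illustration and are not AstrBot APIs.

```python
"""Added example (not AstrBot's code): bind session_id to the authenticated
caller, reject mismatches, and flag anomalous session_id use in audit records.
All names, the store and the record format are assumptions for illustration."""
import secrets
from collections import defaultdict
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """Raised when a caller presents a session_id it does not own."""


@dataclass
class Session:
    session_id: str
    owner: str                        # authenticated user that created it
    history: list = field(default_factory=list)


class SessionStore:
    def __init__(self):
        self._sessions: dict = {}
        self.audit: list = []         # structured records for later review

    def create(self, owner):
        # The server mints the identifier; clients never choose it.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(sid, owner)
        return sid

    def get_unchecked(self, session_id):
        # Unchecked pattern: trusts the client-supplied session_id alone, so any
        # caller who knows an id reaches that session regardless of who owns it.
        return self._sessions.get(session_id)

    def get_for_user(self, session_id, user):
        # Hardened pattern: the id must exist AND be owned by the caller.
        sess = self._sessions.get(session_id)
        ok = sess is not None and sess.owner == user
        self.audit.append({"user": user, "session_id": session_id,
                           "outcome": "allowed" if ok else "denied"})
        if not ok:
            raise AuthorizationError(f"{user} may not use this session")
        return sess


def handle_message_unsafe(store, session_id, text):
    """Handler with the authorization gap: no owner check at all."""
    sess = store.get_unchecked(session_id)
    if sess is None:
        return None
    sess.history.append(text)
    return sess.owner


def handle_message(store, user, session_id, text):
    """Hardened handler: the session is resolved through the owner check."""
    sess = store.get_for_user(session_id, user)
    sess.history.append(text)
    return sess.owner


def suspicious_sessions(audit, denied_threshold=3):
    """Return session_ids presented by more than one distinct user, or denied
    at least denied_threshold times, from the audit records above."""
    users = defaultdict(set)
    denied = defaultdict(int)
    for rec in audit:
        users[rec["session_id"]].add(rec["user"])
        if rec["outcome"] == "denied":
            denied[rec["session_id"]] += 1
    return sorted(sid for sid in users
                  if len(users[sid]) > 1 or denied[sid] >= denied_threshold)


def demo():
    """Constructed scenario: alice owns a session, bob presents her id."""
    store = SessionStore()
    alice_sid = store.create("alice")
    # Unchecked handler: bob's text lands in alice's session.
    reached_owner = handle_message_unsafe(store, alice_sid, "hi from bob")
    # Hardened handler: the same attempt is refused and recorded.
    try:
        handle_message(store, "bob", alice_sid, "hi again")
        denied = False
    except AuthorizationError:
        denied = True
    handle_message(store, "alice", alice_sid, "hello")
    return {
        "unsafe_reached_owner": reached_owner,   # 'alice'
        "hardened_denied": denied,               # True
        "flagged": suspicious_sessions(store.audit),
        "alice_history": store.get_for_user(alice_sid, "alice").history,
    }


if __name__ == "__main__":
    print(demo())
```

The owner check lives inside the store rather than in each handler so that a new endpoint cannot forget it; the audit record written on every lookup, allowed or denied, is what makes the "same session_id, different users" signal reviewable afterwards.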
Evidence notes
The vulnerability was disclosed through VulDB with a publicly available proof-of-concept exploit. The vendor did not respond to early disclosure attempts. The CVSS 4.0 vector indicates network attack vector with low attack complexity, requiring low privileges and no user interaction, with low impacts across confidentiality, integrity, and availability.
Official resources
public