PatchSiren cyber security CVE debrief
CVE-2026-15499 AstrBotDevs CVE debrief
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. The vulnerability is located in the Scheduled Task Handler component, specifically in the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py. The manipulation of the argument payload[note] results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. This CVE record provides an executive overview of the vulnerability, its exposure, and the likely defender workflow.
- Vendor
- AstrBotDevs
- Product
- AstrBot
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-12
- Original CVE updated
- 2026-07-12
- Advisory published
- 2026-07-12
- Advisory updated
- 2026-07-12
Who should care
Users of AstrBotDevs AstrBot up to version 4.25.2 should be aware of this vulnerability and take appropriate actions to mitigate the risk. This includes reviewing the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance. Operators, platform administrators, vulnerability management teams, and security teams may be impacted by this vulnerability.
Technical summary
The vulnerability is caused by improper authorization in the Scheduled Task Handler component of AstrBotDevs AstrBot up to 4.25.2. The function FutureTaskTool.call in the file astrbot/core/tools/cron_tools.py is affected. An attacker can exploit this vulnerability remotely by manipulating the argument payload[note]. The exploit has been released to the public and may be used for attacks. Users of AstrBotDevs AstrBot up to version 4.25.2 should review system configurations and consider compensating controls. Evidence for this CVE record is limited to the information provided by the source item and the CVE record. Defenders should verify affected scope and severity with the vendor.
Defensive priority
Low
Recommended defensive actions
- Apply the vendor's remediation when available
- Implement compensating controls to limit the attack surface
- Monitor for suspicious activity related to the vulnerability
- Perform inventory checks to identify affected systems
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-12T12:16:44.257Z and has not been modified since then. The NVD entry is currently Received. The evidence basis for this CVE is limited to the information provided by the source item and the CVE record. Defenders should verify the affected scope and severity with the vendor and consider the potential impact on their systems.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-12T12:16:44.257Z and has not been modified since then.