LOW
AstrBotDevs
CVE published 2026-06-01
CVE-2026-10212
A low-severity authorization bypass vulnerability in AstrBot 4.24.2 allows remote attackers to bypass authorization controls by manipulating the session_id argument in the astr_main_agent function of astrbot/core/astr_main_agent.py. The CVSS 4.0 score of 2.1 reflects limited privileges required and low impact on confidentiality, integrity, and availability. The exploit has been publicly disclosed via a Gi [truncated]