Ghostwire

CVE-2026-16074: A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function...

MEDIUM CVSS 0.0

Published: July 17, 2026 | Last Modified: July 17, 2026

Description

A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function update_plugin/update_all_plugins of the file astrbot/dashboard/routes/plugin.py of the component Plugin Update Handler. The manipulation of the argument download_url/download_urls/proxy results in server-side request forgery. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References