Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
AstrBot: Unsecured Input in MCP Endpoint Can Lead to Remote Command Execution
CVE-2026-6118
Summary
An attacker can inject malicious commands into the AstrBot system through the MCP Endpoint, potentially allowing them to execute unauthorized actions. This issue affects AstrBot versions up to 4.22.1. Update to the latest version to ensure the security of your system.
Original title
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipul...
Original description
A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-77
Command Injection
Published: 12 Apr 2026 · Updated: 12 Apr 2026 · First seen: 12 Apr 2026