CVE-2026-16077

medium

Description

A vulnerability was found in AstrBotDevs AstrBot up to 4.25.5. Impacted is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py of the component Filesystem Computer-Use Tool. Performing a manipulation results in link following. The attack is only possible with local access. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://vuldb.com/vuln/379792/cti

https://vuldb.com/vuln/379792

https://vuldb.com/submit/852865

https://vuldb.com/cve/CVE-2026-16077

https://gist.github.com/YLChen-007/d2581be79bb3caf9a032b0614dfc7728

Details

Source: Mitre, NVD

Published: 2026-07-18

Updated: 2026-07-18

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 4.8

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00168