{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6119", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-11T08:50:24.541Z", "datePublished": "2026-04-12T05:00:20.093Z", "dateUpdated": "2026-04-14T16:33:26.198Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-12T05:00:20.093Z"}, "title": "AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "AstrBotDevs", "product": "AstrBot", "versions": [{"version": "4.22.0", "status": "affected"}, {"version": "4.22.1", "status": "affected"}], "cpes": ["cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:*"], "modules": ["API Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-11T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-11T10:55:35.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Yu_Bao (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/356979", "name": "VDB-356979 | AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356979/cti", "name": "VDB-356979 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792661", "name": "Submit #792661 | AstrBotDevs AstrBot 4.22.1 Server-Side Request Forgery (SSRF)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/AstrBotDevs/AstrBot/issues/7171", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/AstrBotDevs/AstrBot/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:18:10.018774Z", "id": "CVE-2026-6119", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:33:26.198Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6119", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:18:10.018774Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:18:13.414Z"}}], "cna": {"title": "AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "Yu_Bao (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:*"], "vendor": "AstrBotDevs", "modules": ["API Endpoint"], "product": "AstrBot", "versions": [{"status": "affected", "version": "4.22.0"}, {"status": "affected", "version": "4.22.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-11T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-11T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-11T10:55:35.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/356979", "name": "VDB-356979 | AstrBotDevs AstrBot API Endpoint post_data.get server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356979/cti", "name": "VDB-356979 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792661", "name": "Submit #792661 | AstrBotDevs AstrBot 4.22.1 Server-Side Request Forgery (SSRF)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/AstrBotDevs/AstrBot/issues/7171", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/AstrBotDevs/AstrBot/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-12T05:00:20.093Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6119", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:33:26.198Z", "dateReserved": "2026-04-11T08:50:24.541Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-12T05:00:20.093Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet."}], "id": "CVE-2026-6119", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-12T06:16:21.927", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/AstrBotDevs/AstrBot/"}, {"source": "cna@vuldb.com", "url": "https://github.com/AstrBotDevs/AstrBot/issues/7171"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/792661"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356979"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356979/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.22.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.22.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "AstrBot", "source": "cna", "vendor": "AstrBotDevs"}, "product": "astrbot", "vendor": "astrbot"}], "analysis": {"en": {"generated_at": "2026-04-12T06:20:38.911980+00:00", "value": {"mitigation_remediation": ["Update AstrBot to a release newer than 4.22.1 as soon as a patch is available", "If an upgrade cannot be performed immediately, restrict the API endpoint so that it only accepts requests from trusted IP ranges and block outbound requests to untrusted networks", "Enable firewall or proxy rules to monitor and log all outbound HTTP/HTTPS traffic originating from the server", "Apply least\u2011privilege principles to the API credentials used by AstrBot", "Regularly consult the AstrBot issue tracker and vendor advisories for new security releases"], "summary": {"action": "Patch ASAP", "impact": "Server\u2011Side Request Forgery (SSRF)"}, "threat_synthesis": {"affected_systems": "AstrBotDevs AstrBot versions up to and including 4.22.1 are affected. Users running any release within this range are vulnerable and should review their deployment for the presence of the impacted API endpoint.", "description_and_impact": "The function post_data.get in the AstrBot API endpoint enables an attacker to craft requests that the server will forward to any target within or outside the network. This can lead to unauthorized access to internal services, data exfiltration, or further compromise of internal resources. The vulnerability is a classic SSRF flaw, categorized under CWE\u2011918, and allows the attacker to influence outbound traffic initiated by the server.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a medium severity vulnerability. Publicly available proof\u2011of\u2011concept code exists, and the flaw can be exercised remotely via the API, implying a non\u2011trivial exploitation potential. EPSS data is not provided, and the vulnerability is not catalogued in the KEV list. The likely attack vector involves sending crafted payloads to the vulnerable endpoint from an exposed network or malicious actor controlling API traffic."}}}}, "created": "2026-04-13T12:41:34.310202+00:00", "updated": "2026-04-13T12:56:14.306646+00:00", "vendors": ["astrbot", "astrbot$PRODUCT$astrbot"]}