Description
A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-01
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, the injection is inferred to be performable remotely. The sanitization routine _sanitize_prompt_description fails to properly validate or escape characters supplied in the prompt description field, allowing an attacker to inject crafted content. The description does not state that the injection enables arbitrary code execution; it does, however, note that a public exploit exists, which suggests that the injected payload is eventually processed by the bot or its skills in a way that may lead to unintended behavior.

Affected Systems

The affected product is AstrBotDevs AstrBot 4.23.6. No other versions are mentioned in the CNA data, so only this specific build should be considered at risk. Systems running this version without a patch remain vulnerable.

Risk and Exploitability

With a CVSS score of 5.3 the vulnerability is considered moderate, and the very low EPSS probability (< 1%) does not diminish the fact that a publicly available exploit has been released. Based on the description, it is inferred that the attack can be carried out from remote without authentication by supplying a crafted prompt description; note, however, that every CVSS vector recorded for this CVE lists PR:L (low privileges required), so some level of authenticated access to the bot may be needed. The vulnerability is not listed in the CISA KEV catalog, but the public nature of the exploit and the vendor's non-responsiveness increase the urgency of remediation.

Generated by OpenCVE AI on June 1, 2026 at 03:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update AstrBot to a release that addresses the _sanitize_prompt_description injection once the vendor publishes one; at the time of writing no vendor fix or workaround was available.
  • If an immediate update is not possible, limit access to the skill manager by blocking external prompt submissions or applying network filtering to restrict who can interact with the bot.
  • Apply input validation or an escaping mechanism that adheres to CWE-74 best practices, ensuring that any special characters in prompt descriptions are rejected or safely encoded before they reach the downstream component that processes them.
  • Monitor system and bot logs for anomalous prompt descriptions and set up alerts for potential injection attempts.


Tracking


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | (empty) | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 01:45:00 +0000

Type | Values Removed | Values Added
Description | (empty) | A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | (empty) | AstrBotDevs AstrBot skill_manager.py _sanitize_prompt_description injection
First Time appeared | (empty) | Astrbot; Astrbot astrbot
Weaknesses | (empty) | CWE-707; CWE-74
CPEs | (empty) | cpe:2.3:a:astrbot:astrbot:*:*:*:*:*:*:*:*
Vendors & Products | (empty) | Astrbot; Astrbot astrbot
References | (empty) | (empty)
Metrics | (empty) | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T13:26:33.963Z

Reserved: 2026-05-31T07:14:03.314Z

Link: CVE-2026-10210

Vulnrichment

Updated: 2026-06-01T13:26:30.435Z

NVD

Status : Deferred

Published: 2026-06-01T02:16:17.543

Modified: 2026-06-01T15:15:37.293

Link: CVE-2026-10210

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T04:30:19Z

Weaknesses
  • CWE-707

    Improper Neutralization

  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')