CVE-2026-8754 | AstrBotDevs AstrBot up to 4.23.5 File Upload chat.py post_file filename path traversal

SecurityVulns

A vulnerability classified as critical was found in AstrBotDevs AstrBot up to 4.23.5. It affects the function post_file in the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. Manipulating the argument filename results in path traversal.

This vulnerability is known as CVE-2026-8754. The attack can be launched remotely, and an exploit is available.
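The following is an added example, not AstrBot's code and not the project's fix: it shows the general pattern behind a filename path traversal in an upload handler next to a hardened helper. The function names and the /srv/uploads directory are hypothetical, and the sample names are constructed.

```python
import os
from pathlib import Path


def unsafe_upload_path(upload_dir: str, filename: str) -> str:
    """Vulnerable pattern: the client-supplied name is joined as-is."""
    # "../x" climbs out of upload_dir; an absolute name replaces it entirely.
    return os.path.normpath(os.path.join(upload_dir, filename))


def safe_upload_path(upload_dir: str, filename: str) -> Path:
    """Return a destination inside upload_dir, or raise ValueError."""
    # Treat "/" and "\" as separators on every OS and keep the last component.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if name in ("", ".", "..") or "\x00" in name:
        raise ValueError("invalid filename")
    base = Path(upload_dir).resolve()
    dest = (base / name).resolve()  # also follows a symlink planted at dest
    # Containment check on the resolved path, independent of the stripping above.
    if base not in dest.parents:
        raise ValueError("destination escapes the upload directory")
    return dest


if __name__ == "__main__":
    # Constructed sample names, not taken from any real request.
    for sample in ("photo.png", "../../outside.txt", "/tmp/outside.txt", ".."):
        print(repr(sample), "->", unsafe_upload_path("/srv/uploads", sample))
        try:
            print("    safe:", safe_upload_path("/srv/uploads", sample))
        except ValueError as exc:
            print("    rejected:", exc)
```

Generating the stored name on the server (for example a random identifier) and keeping the client's name only as metadata avoids relying on the client-supplied filename at all.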

You should upgrade the affected component.