CVE-2026-16077 | AstrBotDevs AstrBot up to 4.25.5 Filesystem Computer-Use Tool fs.py _normalize_rw_path link following

SecurityVulns

A vulnerability classified as critical has been found in AstrBotDevs AstrBot up to 4.25.5. Impacted is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py of the component Filesystem Computer-Use Tool. Performing a manipulation results in link following.

This vulnerability is identified as CVE-2026-16077. The attack is only possible with local access. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More