CVE-2026-16077 | AstrBotDevs AstrBot up to 4.25.5 Filesystem Computer-Use Tool fs.py _normalize_rw_path link following
A vulnerability classified as critical has been found in AstrBotDevs AstrBot up to 4.25.5. Impacted is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py of the component Filesystem Computer-Use Tool. Performing a manipulation results in link following.
This vulnerability is identified as CVE-2026-16077. The attack is only possible with local access. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More