CVE-2026-16076 | AstrBotDevs AstrBot up to 4.25.5 API open_api.py OpenApiRoute.chat_send Username authentication spoofing
A vulnerability described as critical has been identified in AstrBotDevs AstrBot up to 4.25.5. This issue affects the function OpenApiRoute.chat_send of the file astrbot/dashboard/routes/open_api.py of the component API. Such manipulation of the argument Username leads to authentication bypass by spoofing.
This vulnerability is referenced as CVE-2026-16076. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More