CVE-2026-16075 | AstrBotDevs AstrBot up to 4.25.5 session-listing Endpoint open_api.py OpenApiRoute.get_chat_sessions Username authorization
A vulnerability marked as problematic has been reported in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.get_chat_sessions of the file astrbot/dashboard/routes/open_api.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass.
The identification of this vulnerability is CVE-2026-16075. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More