
CVE-2026-6118 PoC — AstrBot Command Injection Vulnerability

Source
Associated Vulnerability
Title: AstrBot Command Injection Vulnerability (CVE-2026-6118)
Description: AstrBot is an open-source multi-platform LLM chatbot and development framework published by the AstrBot project. AstrBot 4.22.1 and earlier contain a command injection vulnerability. It stems from the add_mcp_server function in astrbot/dashboard/routes/tools.py (the MCP Endpoint component) handling the command parameter improperly, which can lead to command injection.
Description
AstrBot versions up to and including 4.22.1 contain a command injection vulnerability in the MCP server configuration endpoint. The /api/tools/mcp/add endpoint accepts arbitrary command and args fields that are passed directly to subprocess execution during the connection test, without any validation or allowlist enforcement. An attacker with dashboard access can execute arbitrary system commands with AstrBot process privileges.
File Snapshot

id: CVE-2026-6118 info: name: AstrBot <= 4.22.1 - Command Injection author: jyoti369 severity ...
Shenlong Bot has cached this for you
Remarks
    1. Please consult the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.