๐Ÿ” CVE Alert

CVE-2026-16073

LOW 3.5

AstrBotDevs AstrBot T2I Feature base.py NetworkRenderStrategy.render cross site scripting

CVSS Score
3.5
EPSS Score
0.0%
EPSS Percentile
0th

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.text_to_image/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE CWE-79 CWE-94
Vendor astrbotdevs
Product astrbot
Published Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for astrbotdevs astrbot

Be the first to know when new low vulnerabilities affecting astrbotdevs astrbot are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

AstrBotDevs / AstrBot
4.25.0 4.25.1 4.25.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/379788 vuldb.com: https://vuldb.com/vuln/379788/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16073 vuldb.com: https://vuldb.com/submit/852825 gist.github.com: https://gist.github.com/YLChen-007/2abcecece4369c46cc8405e597c0528b

Credits

๐Ÿ” Eric-d (VulDB User) VulDB CNA Team