Vulnerabilities ›

CVE-2026-10213

Medium

CWE-22 — Weakness Type

                    Published: Jun 1, 2026                      ·  Modified: Jun 4, 2026                      ·  Source: NVD                

CVSS v3

5.4

🔗 NVD Official

📄 Description (English)

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-10213 is a path traversal vulnerability in AstrBot 4.23.6's API endpoint /api/skills/delete that allows remote attackers to manipulate the 'Name' parameter to access unauthorized files. With a CVSS score of 5.4 (medium) and public exploit availability, this poses a moderate risk to organizations using this bot framework. The vendor's non-responsiveness increases urgency for immediate mitigation.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Jun 1, 2026 06:33

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi organizations using AstrBot for chatbot/automation services, particularly in government digital transformation initiatives, banking customer service platforms, and telecom automation systems. Government entities (NCA, CITC oversight), financial institutions relying on bot automation, and healthcare providers using chatbot systems for patient engagement face the highest risk. The path traversal could expose sensitive configuration files, API keys, and customer data stored on affected systems.

🏢 Affected Saudi Sectors

Government (Digital Transformation, NCA) Banking and Financial Services (SAMA regulated) Telecommunications (STC, Mobily automation) Healthcare (Patient engagement systems) E-commerce and Retail Customer Service Operations

🎯 MITRE ATT&CK Techniques

T1083 - File and Directory Discovery T1005 - Data from Local System T1190 - Exploit Public-Facing Application T1552 - Unsecured Credentials

⚖️ Saudi Risk Score (AI)

6.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all AstrBot 4.23.6 deployments across your organization

2. Restrict network access to /api/skills/delete endpoint using WAF rules or network ACLs

3. Implement input validation: reject any 'Name' parameter containing '../', '..\', or null bytes

4. Enable API request logging and monitor for suspicious path traversal patterns



Compensating Controls:

5. Deploy Web Application Firewall (WAF) rules to block path traversal attempts (ModSecurity rule: SecRule ARGS:Name "@rx (?:\.\./|\.\.\\)")

6. Run file integrity monitoring on configuration directories

7. Implement principle of least privilege for API service account permissions

8. Isolate AstrBot instances in network segments with restricted file system access



Long-term:

9. Migrate to alternative bot frameworks with active security support

10. Contact AstrBotDevs for security updates or consider forking the project for internal patching

11. Conduct security code review of custom API integrations

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. قم بحصر جميع نشرات AstrBot 4.23.6 عبر مؤسستك

2. قيد الوصول إلى نقطة نهاية /api/skills/delete باستخدام قواعد WAF أو قوائم التحكم في الوصول

3. تطبيق التحقق من المدخلات: رفض أي معامل 'Name' يحتوي على '../' أو '..\' أو بايتات فارغة

4. تفعيل تسجيل طلبات API ومراقبة محاولات اجتياز المسار المريبة



الضوابط البديلة:

5. نشر قواعد جدار الحماية (WAF) لحجب محاولات اجتياز المسار

6. تشغيل مراقبة سلامة الملفات على مجلدات التكوين

7. تطبيق مبدأ أقل امتياز لأذونات حساب خدمة API

8. عزل مثيلات AstrBot في قطاعات الشبكة ذات الوصول المحدود لنظام الملفات



المدى الطويل:

9. الهجرة إلى أطر عمل بوت بديلة مع دعم أمان نشط

10. التواصل مع AstrBotDevs للحصول على تحديثات أمان أو النظر في نسخ المشروع للتصحيح الداخلي

11. إجراء مراجعة أمان الكود للتكاملات المخصصة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.14.2.5 - Secure coding practices ECC 2024 A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

SAMA CSF ID.BE-1 - Asset management SAMA CSF PR.AC-1 - Access control policy SAMA CSF DE.CM-1 - Detection and analysis

🟡 ISO 27001:2022

ISO 27001:2022 A.8.1 - User endpoint devices ISO 27001:2022 A.14.2.1 - Secure development policy ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security patches and updates PCI DSS 6.5.1 - Injection flaws

🔗 References & Sources 5

🔗

https://gist.github.com/YLChen-007/8155cf1b9519f0a3524eea73dfeead2f

cna@vuldb.com

🔗

https://vuldb.com/cve/CVE-2026-10213

cna@vuldb.com

🔗

https://vuldb.com/submit/821924

cna@vuldb.com

🔗

https://vuldb.com/vuln/367492

cna@vuldb.com

🔗

https://vuldb.com/vuln/367492/cti

cna@vuldb.com

📊 CVSS Score

5.4

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.4

CWECWE-22

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-06-01

Source Feed nvd

🇸🇦 Saudi Risk Score

6.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-10213

Introduce Yourself

Sign In Required