CVE-2026-6984
Received Received - Intake
Template Injection Vulnerability in AstrBot Dashboard API Allows Remote Exploits

Publication date: 2026-04-25

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-6984
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
astrbotdevs astrbot to 4.22.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1336 The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
CWE-791 The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in AstrBot allows remote attackers to execute arbitrary code, disclose sensitive information, and cause denial-of-service conditions. Such impacts can lead to unauthorized access and exposure of sensitive data.

This exposure and potential data breach risk can negatively affect compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information and mandate controls against unauthorized access and data leakage.

Specifically, the information disclosure and remote code execution risks could lead to violations of data confidentiality and integrity requirements under these regulations.

Executive Summary

CVE-2026-6984 is a Server-Side Template Injection (SSTI) vulnerability in AstrBot versions up to 4.22.1, specifically in the Text-to-Image (T2I) template management system.

Authenticated users can create or update templates containing arbitrary Jinja2 HTML content via the dashboard API without any validation or sanitization.

These templates are stored directly to disk and later sent as-is to a remote rendering endpoint that processes them with a Jinja2 template engine.

If the rendering endpoint is unsandboxed, attackers can execute arbitrary code remotely (Remote Code Execution). Even the default sandboxed endpoint evaluates Jinja2 expressions, allowing information disclosure and denial-of-service attacks.

Impact Analysis

This vulnerability can have several serious impacts:

  • Remote Code Execution (RCE) on the rendering server if the endpoint is unsandboxed, allowing attackers to run arbitrary OS commands.
  • Information Disclosure through evaluation of Jinja2 expressions, exposing sensitive environment details.
  • Denial of Service (DoS) by submitting resource-intensive templates that cause server crashes or timeouts.
  • Disruption of the default shared rendering service affecting all users due to DoS attacks.
Detection Guidance

This vulnerability can be detected by monitoring for API calls that create or update T2I templates containing suspicious Jinja2 expressions. Specifically, look for POST requests to /api/t2i/templates/create and PUT requests to /api/t2i/templates/<name> with payloads containing Jinja2 template syntax such as {{ ... }} or {% ... %}.

You can detect exploitation attempts by searching logs or network traffic for these patterns or by querying the AstrBot API for templates containing Jinja2 expressions.

  • Example command to search logs for suspicious template creation or updates: grep -E '\{\{.*\}\}|\{%.*%\}' /var/log/astrbot/api.log
  • Use curl or similar tools to list templates and inspect their content for Jinja2 expressions: curl -X GET http://<astrbot-host>/api/t2i/templates
  • Monitor network traffic for POST requests to the rendering endpoint (default https://t2i.soulter.top/text2img/generate) containing Jinja2 payloads.
Mitigation Strategies

Immediate mitigation steps include sanitizing all user-submitted templates to remove or escape Jinja2 expressions before storage or rendering.

Ensure that the rendering endpoint is configured to use a sandboxed Jinja2 environment to restrict template capabilities and prevent arbitrary code execution.

Prevent users from configuring the rendering endpoint to untrusted or unsandboxed servers.

Implement a template allowlist that only permits predefined safe template variables and disallows arbitrary template expressions.

As a quick fix, you can apply a sanitizer function to strip Jinja2 expressions from templates, for example:

  • import re def sanitize_template(content: str) -> str: content = re.sub(r'\{\{.*?\}\}', '', content) content = re.sub(r'\{%.*?%\}', '', content) return content
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6984. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart