CVE-2026-15501
Received Received - Intake

Server-Side Request Forgery in AstrBot

Vulnerability report for CVE-2026-15501, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-12

Last updated on: 2026-07-12

Assigner: VulDB

Description

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcp_server_config.url leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-12
Last Modified
2026-07-12
Generated
2026-07-12
AI Q&A
2026-07-12
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
astrbotdevs astrbot to 4.25.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-15501 is an authenticated Server-Side Request Forgery (SSRF) vulnerability in the AstrBot application, specifically in the MCP Test Endpoint functionality.

An authenticated user can manipulate the mcp_server_config.url parameter to make the AstrBot server send HTTP requests to arbitrary destinations, including internal network addresses and loopback addresses.

This happens because the application does not properly validate the URL before making the request, allowing attackers to control where the server sends requests.

The affected endpoint is POST /api/tools/mcp/test, which accepts JSON input containing the URL configuration that is used directly without validation.

Impact Analysis

This vulnerability can allow an attacker to make the AstrBot server send requests to internal or restricted network services that are normally inaccessible.

An attacker could use this to probe internal services, access restricted endpoints, or interact with metadata services if network policies allow.

Such actions could lead to information disclosure, unauthorized access to internal resources, or further exploitation within the network.

Detection Guidance

This vulnerability can be detected by monitoring and testing the POST /api/tools/mcp/test endpoint of the AstrBot application. Since the vulnerability involves manipulation of the mcp_server_config.url parameter to cause server-side requests, you can attempt to send crafted HTTP POST requests with controlled URLs to see if the server makes outbound requests to arbitrary destinations.

A practical detection method is to use tools like curl or HTTP clients to send JSON payloads to the vulnerable endpoint and observe if the server performs requests to the specified URLs, including internal or loopback addresses.

  • Example curl command to test the vulnerability:
  • curl -X POST https://<astrbot-server>/api/tools/mcp/test -H 'Content-Type: application/json' -d '{"mcp_server_config": {"url": "http://127.0.0.1:80"}}'

If the server attempts to connect to the specified URL (e.g., 127.0.0.1), it indicates the presence of the SSRF vulnerability.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint to trusted users only, as the vulnerability requires authentication.

Additionally, implement network-level controls such as firewall rules to prevent the AstrBot server from making outbound HTTP requests to internal or sensitive network addresses.

If possible, upgrade AstrBot to a version later than 4.25.2 where the vulnerability has been patched.

As a temporary workaround, disable or restrict the MCP Test Endpoint functionality until a patch can be applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15501. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart