CVE-2026-16077
Received Received - Intake

Path Traversal in AstrBot Filesystem Computer-Use Tool

Vulnerability report for CVE-2026-16077, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulDB

Description

A vulnerability was found in AstrBotDevs AstrBot up to 4.25.5. Impacted is the function _normalize_rw_path of the file astrbot/core/tools/computer_tools/fs.py of the component Filesystem Computer-Use Tool. Performing a manipulation results in link following. The attack is only possible with local access. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-18
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
astrbotdevs astrbot to 4.25.5 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-16077 is a vulnerability in AstrBot up to version 4.25.5 that allows a local user to bypass filesystem restrictions by exploiting hardlink aliases. The issue occurs because AstrBot checks if a file path is within an allowed workspace but does not verify if the file is a hardlink pointing to an out-of-workspace file. This enables unauthorized read and write operations on files outside the intended workspace if they share the same inode.

Detection Guidance

Check for AstrBot versions up to 4.25.5 using package managers like pip or by inspecting the installed version. Look for suspicious hardlink creation within restricted workspaces pointing to files outside allowed boundaries. Commands: pip show astrbot or astrbot --version. Review filesystem access logs for unauthorized read/write operations.

Impact Analysis

This vulnerability allows a local attacker with access to the system to read or modify files outside the intended workspace boundary. If successful, it could lead to unauthorized access to sensitive data or manipulation of critical files on the host system.

Compliance Impact

This vulnerability could potentially impact compliance with GDPR and HIPAA by allowing unauthorized local users to access or modify files outside intended workspace boundaries through hardlink exploitation. Unauthorized file access may lead to exposure of sensitive personal or health data, violating confidentiality requirements under these regulations.

Mitigation Strategies

Update AstrBot to the latest version beyond 4.25.5 immediately. Restrict local user permissions to prevent hardlink creation. Monitor filesystem boundaries and disable AstrBot's access to sensitive directories until patched.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16077. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart