CVE-2026-8754 Overview
CVE-2026-8754 is a path traversal vulnerability [CWE-22] in AstrBotDevs AstrBot through version 4.23.5. The flaw resides in the post_file function within astrbot/dashboard/routes/chat.py, part of the File Upload Handler component. Attackers can manipulate the filename argument to write files outside the intended upload directory. The vulnerability is remotely exploitable and requires only a low-privilege authenticated account. A public exploit has been disclosed via GitHub Gist. The AstrBot maintainers addressed the issue in version 4.23.6 with commit aaec41e5054569ceaa1113593a34da7568e2d211.
Critical Impact
Authenticated remote attackers can traverse directories during file uploads, potentially overwriting or planting files outside the intended dashboard upload path on the host.
Affected Products
- AstrBotDevs AstrBot versions up to and including 4.23.5
- Component: astrbot/dashboard/routes/chat.py File Upload Handler
- Function: post_file
Discovery Timeline
- 2026-05-17 - CVE-2026-8754 published to NVD
- 2026-05-18 - Last updated in NVD database
Technical Details for CVE-2026-8754
Vulnerability Analysis
The vulnerability exists in the post_file handler responsible for processing file uploads through the AstrBot dashboard. The handler accepts a user-controlled filename argument and uses it to construct the destination path without sufficient sanitization. An authenticated attacker can supply traversal sequences such as ../ to escape the intended upload directory.
Successful exploitation lets an attacker write files to arbitrary locations the AstrBot process can access. Depending on deployment context, this can lead to overwriting configuration files, planting persistence artifacts, or staging follow-on code execution. The attack proceeds over the network and requires only low privileges with no user interaction.
Root Cause
The root cause is improper limitation of a pathname to a restricted directory [CWE-22]. The post_file route did not normalize or constrain the supplied filename to the upload directory before writing the file. The upstream fix introduces use of pathlib.Path and PurePosixPath to validate that the resolved destination stays within the intended directory boundary.
Attack Vector
A remote authenticated user submits a crafted file upload request to the dashboard endpoint backed by post_file. The filename parameter contains directory traversal sequences referencing a location outside the upload root. The server resolves the path and writes the uploaded content to the attacker-chosen destination.
# Patch excerpt - astrbot/dashboard/routes/chat.py
import uuid
from contextlib import asynccontextmanager
from copy import deepcopy
+from pathlib import Path, PurePosixPath
from typing import Any, cast
from quart import Response as QuartResponse
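Review bot: the hunk shows only the added import at `+from pathlib import Path, PurePosixPath`; the containment logic that uses these names inside post_file is not part of the excerpt, so the excerpt alone cannot confirm that a traversal filename is now rejected. Suggest extending the excerpt to the changed lines in post_file where the supplied filename is normalized and its resolved destination is compared against the upload root, so a reader can verify the check rather than infer it from the import.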
Source: GitHub Commit aaec41e
The patch imports Path and PurePosixPath to enable safe path resolution and containment checks against the configured upload directory.
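The Root Cause and patch excerpt above describe the fix technique (PurePosixPath to inspect the client-supplied name, Path.resolve to confirm containment) without showing the check itself. The following is an added illustration of that technique, not AstrBot's own code: the function names, the flat-upload policy and the demo root directory are assumptions of this example.

```python
from pathlib import Path, PurePosixPath
from typing import Optional


def safe_upload_destination(upload_root: Path, filename: str) -> Path:
    """Return where an upload named `filename` may be written, or raise
    ValueError if it would land outside `upload_root`.

    Hypothetical hardened helper (not AstrBot's code) applying the approach
    the advisory attributes to the fix: PurePosixPath inspection first, then a
    containment check on the resolved path.
    """
    if "\x00" in filename:
        raise ValueError("embedded NUL in filename")
    # Treat Windows separators as separators so "..\x" is seen as traversal.
    pure = PurePosixPath(filename.replace("\\", "/"))
    # Reject absolute names, empty names and any ".." component before
    # touching the filesystem; PurePosixPath.parts exposes each component.
    if pure.is_absolute() or not pure.name or ".." in pure.parts:
        raise ValueError(f"rejected filename: {filename!r}")
    root = upload_root.resolve()
    # resolve() follows an existing symlink at the destination, so a planted
    # link pointing outside root is also caught by the containment check.
    dest = (root / str(pure)).resolve()
    if root not in dest.parents:
        raise ValueError(f"destination escapes upload root: {dest}")
    return dest


def check_filename(filename: str,
                   upload_root: str = "/tmp/astrbot-demo-uploads") -> Optional[str]:
    """Accepted path relative to the root, or None when rejected.

    The root is a constructed demo directory; it need not exist, since
    Path.resolve() normalizes non-existent paths as well.
    """
    root = Path(upload_root)
    try:
        return str(safe_upload_destination(root, filename).relative_to(root.resolve()))
    except ValueError:
        return None


if __name__ == "__main__":
    for name in ("report.txt", "sub/report.txt", "../../x", "..\\..\\x", "/etc/hosts"):
        print(f"{name!r:>16} -> {check_filename(name)}")
```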
Detection Methods for CVE-2026-8754
Indicators of Compromise
- HTTP requests to the AstrBot dashboard file upload endpoint containing ../, ..\, URL-encoded %2e%2e%2f, or absolute path sequences in the filename field.
- New or modified files appearing outside the configured AstrBot upload directory, especially in configuration, plugin, or web-accessible paths.
- Unexpected files owned by the AstrBot service account on the host filesystem.
Detection Strategies
- Inspect AstrBot dashboard access logs for POST requests carrying traversal patterns in multipart filename headers.
- Compare the running AstrBot version against 4.23.6 and flag instances at or below 4.23.5.
- Monitor the hash of astrbot/dashboard/routes/chat.py and compare it with the file as shipped in patch commit aaec41e5054569ceaa1113593a34da7568e2d211 (AstrBot 4.23.6) to confirm the patched code is present.
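The indicators listed above (../, ..\, %2e%2e%2f, absolute paths) and the log-inspection strategy can be turned into a small scanner. This is an added example, not tooling from AstrBot or the advisory: the log line layout, the endpoint path and the sample entries are constructed for the demo.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote

# Constructed sample access-log lines (not real AstrBot output); the endpoint
# path and field layout are hypothetical. Only the filename field matters.
CONSTRUCTED_LOG = [
    '2026-05-18T10:00:01Z 203.0.113.5 POST /dashboard/upload filename="report.txt" 200',
    '2026-05-18T10:00:07Z 203.0.113.5 POST /dashboard/upload filename="../../overwrite.txt" 200',
    '2026-05-18T10:00:09Z 198.51.100.9 POST /dashboard/upload filename="%2e%2e%2f%2e%2e%2fdata%2fx.py" 200',
    '2026-05-18T10:00:12Z 198.51.100.9 POST /dashboard/upload filename="..%255c..%255cdata.py" 200',
    '2026-05-18T10:00:15Z 203.0.113.7 GET /dashboard/chat 200',
    '2026-05-18T10:00:20Z 203.0.113.7 POST /dashboard/upload filename="notes..txt" 200',
]

FILENAME_FIELD = re.compile(r'filename="([^"]*)"')
# ".." as a whole path component, delimited by / or \ (or string edges).
DOTDOT_COMPONENT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:[\\/]")


def decode_filename(raw: str) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded %252e is seen."""
    value = raw
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(raw: str) -> bool:
    """True if the decoded filename would escape a flat upload directory."""
    name = decode_filename(raw)
    return (bool(DOTDOT_COMPONENT.search(name)) or name.startswith(("/", "\\"))
            or bool(DRIVE_PREFIX.match(name)))


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line index, decoded filename) for every suspicious POST."""
    hits = []
    for i, line in enumerate(lines):
        if " POST " not in line:
            continue
        m = FILENAME_FIELD.search(line)
        if m and is_traversal(m.group(1)):
            hits.append((i, decode_filename(m.group(1))))
    return hits
```

A plain "notes..txt" is not flagged, because ".." must be a whole path component to count as traversal.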
Monitoring Recommendations
- Enable file integrity monitoring on directories adjacent to the AstrBot upload path and on application configuration files.
- Forward AstrBot application and reverse-proxy logs to a centralized SIEM and alert on multipart filenames containing path separators or traversal tokens.
- Audit dashboard accounts and disable unused low-privilege users that could be abused for authenticated exploitation.
How to Mitigate CVE-2026-8754
Immediate Actions Required
- Upgrade AstrBot to version 4.23.6 or later, which contains commit aaec41e5054569ceaa1113593a34da7568e2d211.
- Restrict network exposure of the AstrBot dashboard to trusted management networks or VPN access only.
- Rotate credentials for dashboard accounts and review authentication logs for unexpected post_file activity.
Patch Information
The maintainers fixed CVE-2026-8754 in AstrBot 4.23.6. The fix is tracked in commit aaec41e5054569ceaa1113593a34da7568e2d211 and bundled in the v4.23.6 Release Notes. The patch introduces pathlib.Path and PurePosixPath based validation in astrbot/dashboard/routes/chat.py to constrain upload destinations to the intended directory.
Workarounds
- Place the AstrBot dashboard behind a reverse proxy that blocks multipart requests containing ../, ..\, or encoded traversal sequences in the filename parameter.
- Run AstrBot under a dedicated low-privilege service account with write access limited to the upload directory only.
- Apply mandatory access controls such as AppArmor or SELinux to restrict the AstrBot process from writing outside its working directory.
# Verify installed AstrBot version and confirm patch presence
pip show astrbot | grep -i version
grep -n "PurePosixPath" astrbot/dashboard/routes/chat.py
# Expected on patched systems: import line referencing Path, PurePosixPath
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.