A vulnerability was found in AstrBotDevs AstrBot 4.24.2 and classified as critical . This affects the function astr_main_agent of the file astrbot/core/astr_main_agent.py . Such manipulation of the argument session_id leads to authorization bypass. This vulnerability is referenced as CVE-2026-10212 . It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.