Cyber Posture

CVE-2026-7579

Severity: High

Published: 01 May 2026
Modified: 04 May 2026
KEV Added: not listed
Patch: none indicated
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0006 (18.4th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-7579 is a high-severity Use of Hard-coded Password (CWE-259) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). EPSS ranks it at the 18.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Valid Accounts (T1078) and one other technique, Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- Prevent (IA-5, Authenticator Management): directly prevents hard-coded credentials by requiring secure management, distribution, default changes, and protection of authenticators in systems like AstrBot's dashboard.
- Prevent (SI-2, Flaw Remediation): mandates timely identification, reporting, and remediation of flaws such as the hard-coded credentials vulnerability in CVE-2026-7579.
- Detect: enables detection of publicly disclosed vulnerabilities like CVE-2026-7579 through vulnerability scanning of the AstrBot dashboard component.

MITRE ATT&CK Enterprise Techniques

- T1078 Valid Accounts (Stealth): adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
- T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Hard-coded credentials in the dashboard's auth.py directly enable the use of valid accounts for remote access to the public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysis

CVE-2026-7579 is a security vulnerability in AstrBotDevs AstrBot versions up to 4.16.0, affecting the unknown processing of the file astrbot/dashboard/routes/auth.py within the Dashboard component. The issue stems from hard-coded credentials, classified under CWE-259 and CWE-798.

The vulnerability is exploitable remotely over the network with low attack complexity and no required privileges or user interaction. An attacker who leverages the hard-coded credentials in the affected component obtains low impacts to confidentiality, integrity, and availability, as reflected in the CVSS 7.3 score (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

Advisories from GitHub (GHSA-vrqm-xcfv-286r), an independent security advisory by Dave-gilmore-aus, and VulDB entries detail the flaw and note that the exploit has been publicly disclosed. The vendor was contacted early regarding disclosure but provided no response, with no patches or mitigations indicated.

The exploit is available publicly and may be used in attacks.

Details

CWE(s): CWE-259 (Use of Hard-coded Password), CWE-798

CVEs Like This One

- CVE-2025-11126 (shared: CWE-259, CWE-798)
- CVE-2025-8730 (shared: CWE-259, CWE-798)
- CVE-2025-1393 (shared: CWE-798)
- CVE-2025-70041 (shared: CWE-259)
- CVE-2025-8857 (shared: CWE-798)
- CVE-2025-2538 (shared: CWE-798)
- CVE-2025-37103 (shared: CWE-798)
- CVE-2025-8974 (shared: CWE-259, CWE-798)
- CVE-2026-2616 (shared: CWE-259, CWE-798)
- CVE-2024-9334 (shared: CWE-798)
