Cyber Resilience

CVE-2026-7579

Severity: Medium

Published: 01 May 2026
Modified: 04 May 2026
KEV Added: not listed
Patch: none indicated
CVSS Score (v4.0): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0006 (20.3rd percentile)
Risk Priority: 11 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-7579 is a medium-severity Use of Hard-coded Password (CWE-259) vulnerability. Its CVSS v4.0 base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Valid Accounts (T1078). The CVE is ranked at the 20.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-7579 is a security vulnerability in AstrBotDevs AstrBot versions up to 4.16.0, affecting an unspecified code path in the file astrbot/dashboard/routes/auth.py within the Dashboard component. The issue stems from hard-coded credentials, classified under CWE-259 and CWE-798.

The vulnerability can be exploited remotely over the network with low attack complexity and requires neither privileges nor user interaction. An attacker who knows the hard-coded credentials can use them against the affected component, with low impact on confidentiality, integrity, and availability; under the CVSS v3.1 vector this scores 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

Advisories from GitHub (GHSA-vrqm-xcfv-286r), an independent security advisory by Dave-gilmore-aus, and VulDB entries detail the flaw and note that the exploit has been publicly disclosed. The vendor was contacted early regarding disclosure but provided no response, with no patches or mitigations indicated.

The exploit is available publicly and may be used in attacks.
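To make the weakness class concrete, the following is an added, constructed illustration of CWE-259 in a dashboard login handler. It is not AstrBot's code and does not reproduce anything from auth.py; the names DashboardAuth, DASHBOARD_PASSWORD_HASH, find_hardcoded_credentials and the sample source are all assumptions made for the example. It shows the literal-credential anti-pattern beside a hardened form (credential supplied at deploy time, stored as a salted PBKDF2 hash, compared in constant time, and failing closed when absent), plus the kind of source check a scanner or pre-commit hook would use to flag such literals, which is the detection side of the mitigating controls listed below.

```python
import hashlib
import hmac
import os
import re
import secrets
from typing import List, Mapping, Optional

# --- Vulnerable pattern (CWE-259 / CWE-798): the password is a literal in the source.
# Whoever can read the repository, a container image or a backup learns it, and every
# deployment shares the same secret, so a remote user who knows it simply logs in as a
# valid account (ATT&CK T1078) without needing any other flaw.
HARDCODED_PASSWORD = "changeme"  # constructed example value, not taken from any project


def vulnerable_check_login(username: str, password: str) -> bool:
    """The anti-pattern: literal credential, plain (non-constant-time) comparison."""
    return username == "admin" and password == HARDCODED_PASSWORD


# --- Hardened pattern: the credential is supplied at deploy time, stored only as a
#     salted PBKDF2 hash, and compared in constant time.
def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>' for storage in config."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare without early exit."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


class DashboardAuth:
    """Hypothetical dashboard login check; reads its credential from the environment."""

    def __init__(self, env: Optional[Mapping[str, str]] = None):
        env = os.environ if env is None else env
        stored = env.get("DASHBOARD_PASSWORD_HASH")  # assumed variable name for this example
        if not stored:
            # Fail closed: no built-in default, no silent fallback to a known value.
            raise RuntimeError("DASHBOARD_PASSWORD_HASH is not set; refusing to start without a credential")
        self._username = env.get("DASHBOARD_USERNAME", "admin")
        self._stored_hash = stored

    def check_login(self, username: str, password: str) -> bool:
        # Evaluate both checks unconditionally so timing does not reveal which one failed.
        user_ok = hmac.compare_digest(username.encode(), self._username.encode())
        pw_ok = verify_password(password, self._stored_hash)
        return user_ok and pw_ok


# --- Detection side: a minimal source audit for literal credential assignments,
#     the kind of check a vulnerability scanner or pre-commit hook would run.
_LITERAL_CREDENTIAL = re.compile(r"""(?i)\b\w*(?:passw(?:or)?d|secret|token)\w*\s*=\s*(['"])[^'"]+\1""")


def find_hardcoded_credentials(source: str) -> List[int]:
    """Return 1-based line numbers where a credential-like name is assigned a string literal."""
    return [n for n, line in enumerate(source.splitlines(), start=1) if _LITERAL_CREDENTIAL.search(line)]


# Constructed sample source: lines 2 and 4 are findings; line 3 reads from the environment.
SAMPLE_SOURCE = """\
import os
ADMIN_PASSWORD = "changeme"
token = os.environ.get("DASHBOARD_TOKEN")
api_secret = 'abc123'
"""


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    auth = DashboardAuth({"DASHBOARD_PASSWORD_HASH": stored})
    print("hardened login:", auth.check_login("admin", "correct horse battery staple"))
    print("vulnerable login with the literal:", vulnerable_check_login("admin", HARDCODED_PASSWORD))
    print("lines with literal credentials:", find_hardcoded_credentials(SAMPLE_SOURCE))
```

The regex audit is deliberately crude (it will miss credentials built from concatenation and may flag test fixtures), which is why it belongs alongside, not instead of, the IA-5 practice of never shipping a default authenticator at all: the hardened class refuses to start without one rather than falling back to anything built in.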

Vulnerability details

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely.…

The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1078 Valid Accounts (Stealth): Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Hard-coded credentials in the dashboard's auth.py directly enable the use of valid accounts for remote access to the public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-11126 (shared: CWE-259, CWE-798)
CVE-2025-8730 (shared: CWE-259, CWE-798)
CVE-2026-8032 (shared: CWE-259, CWE-798)
CVE-2025-1393 (shared: CWE-798)
CVE-2025-70041 (shared: CWE-259)
CVE-2025-8857 (shared: CWE-798)
CVE-2025-37103 (shared: CWE-798)
CVE-2025-2538 (shared: CWE-798)
CVE-2025-8974 (shared: CWE-259, CWE-798)
CVE-2024-9334 (shared: CWE-798)

Mitigating Controls (NIST 800-53 r5)

Prevent, IA-5 (Authenticator Management): Directly prevents hard-coded credentials by requiring secure management, distribution, default changes, and protection of authenticators in systems like AstrBot's dashboard.

Prevent, SI-2 (Flaw Remediation): Mandates timely identification, reporting, and remediation of flaws such as the hard-coded credentials vulnerability in CVE-2026-7579.

Detect: Enables detection of publicly disclosed vulnerabilities like CVE-2026-7579 through vulnerability scanning of the AstrBot dashboard component.
