CVE-2026-6613

🗓️ 20 Apr 2026 06:30:14Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 4 Views🌐 WEB

Remote authorization bypass via agent_id in TransformerOptimus SuperAGI up to 0.0.14 affecting agent.py functions.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-6613	20 Apr 202606:30	–	attackerkb
Circl	CVE-2026-6613	20 Apr 202608:17	–	circl
CNNVD	SuperAGI 安全漏洞	20 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-6613 TransformerOptimus SuperAGI agent.py get_schedule_data authorization	20 Apr 202606:30	–	cvelist
EUVD	EUVD-2026-23791	20 Apr 202609:30	–	euvd
NVD	CVE-2026-6613	20 Apr 202607:16	–	nvd
Positive Technologies	PT-2026-33720	20 Apr 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-6613 TransformerOptimus SuperAGI agent.py get_schedule_data authorization	20 Apr 202606:30	–	vulnrichment

Vulners

Node

transformeroptimus superagiMatch0.0.1

transformeroptimus superagiMatch0.0.2

transformeroptimus superagiMatch0.0.3

transformeroptimus superagiMatch0.0.4

transformeroptimus superagiMatch0.0.5

transformeroptimus superagiMatch0.0.6

transformeroptimus superagiMatch0.0.7

transformeroptimus superagiMatch0.0.8

transformeroptimus superagiMatch0.0.9

transformeroptimus superagiMatch0.0.10

transformeroptimus superagiMatch0.0.11

transformeroptimus superagiMatch0.0.12

transformeroptimus superagiMatch0.0.13

transformeroptimus superagiMatch0.0.14

[
  {
    "vendor": "TransformerOptimus",
    "product": "SuperAGI",
    "versions": [
      {
        "version": "0.0.1",
        "status": "affected"
      },
      {
        "version": "0.0.2",
        "status": "affected"
      },
      {
        "version": "0.0.3",
        "status": "affected"
      },
      {
        "version": "0.0.4",
        "status": "affected"
      },
      {
        "version": "0.0.5",
        "status": "affected"
      },
      {
        "version": "0.0.6",
        "status": "affected"
      },
      {
        "version": "0.0.7",
        "status": "affected"
      },
      {
        "version": "0.0.8",
        "status": "affected"
      },
      {
        "version": "0.0.9",
        "status": "affected"
      },
      {
        "version": "0.0.10",
        "status": "affected"
      },
      {
        "version": "0.0.11",
        "status": "affected"
      },
      {
        "version": "0.0.12",
        "status": "affected"
      },
      {
        "version": "0.0.13",
        "status": "affected"
      },
      {
        "version": "0.0.14",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*:*"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/358248/cti
vuldb	www.vuldb.com/submit/791081
gist	www.gist.github.com/YLChen-007/1d87985b274ce22c4294726d7758df8e
vuldb	www.vuldb.com/vuln/358248

Parameter	Position	Path	Description	CWE
agent_id	request body	delete_agent	Authorization bypass by manipulating agent_id in delete_agent endpoint.	CWE-285, CWE-639
agent_id	request body	stop_schedule	Authorization bypass by manipulating agent_id in stop_schedule endpoint.	CWE-285, CWE-639
agent_id	request body	get_schedule_data	Authorization bypass by manipulating agent_id in get_schedule_data endpoint.	CWE-285, CWE-639

29 Apr 2026 01:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 45.3

CVSS 3.16.3

CVSS 26.5

CVSS 36.3

EPSS0.00043

SSVC