EUVD-2026-23726

🗓️ 20 Apr 2026 00:30:13Reported by EUVDType

Vulnerability in TransformerOptimus SuperAGI enables remote authorization bypass via the budget endpoint.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-6586	19 Apr 202623:45	–	attackerkb
Circl	CVE-2026-6586	20 Apr 202604:23	–	circl
CNNVD	SuperAGI 安全漏洞	20 Apr 202600:00	–	cnnvd
CVE	CVE-2026-6586	19 Apr 202623:45	–	cve
Cvelist	CVE-2026-6586 TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization	19 Apr 202623:45	–	cvelist
NVD	CVE-2026-6586	20 Apr 202600:16	–	nvd
Positive Technologies	PT-2026-33655	19 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-6586	5 Jun 202619:47	–	redhatcve
Vulnrichment	CVE-2026-6586 TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization	19 Apr 202623:45	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "6fb6467f-39cb-3bcb-9ac5-f6dbdaead66e",
        "vendor": {
          "name": "transformeroptimus"
        }
      },
      {
        "id": "dd27c25e-4bb0-322e-ab68-115d856d4b15",
        "vendor": {
          "name": "transformeroptimus"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1ee82e63-9902-3fe9-b0fe-351944c0c55d",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.2"
      },
      {
        "id": "2326babc-160f-35d9-ba33-9a2edfe1aead",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.11"
      },
      {
        "id": "460ab1f9-159b-3612-b643-b590185d0925",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.10"
      },
      {
        "id": "50e5bb5e-d4ff-3ea3-94ff-aca8628d2c2d",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.13"
      },
      {
        "id": "77ab7544-136b-3422-83cb-b285ca04414b",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.8"
      },
      {
        "id": "836451dd-f820-37d8-bc12-980e0bb31293",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.1"
      },
      {
        "id": "913b6e6e-b744-36aa-81d6-764b411dc7f7",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.9"
      },
      {
        "id": "9140c857-1b6c-3490-97e3-50b9908c3f65",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.12"
      },
      {
        "id": "b034b967-d689-3dd7-8e90-7f817a213dca",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.7"
      },
      {
        "id": "d36f454b-5469-33c8-8cb8-2f2dc127f22f",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.4"
      },
      {
        "id": "d8095b96-a958-35c4-ad5d-fbb806a5a280",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.14"
      },
      {
        "id": "dfe3e178-e214-3a55-a7a7-fd2552e3b031",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.6"
      },
      {
        "id": "e727102b-2840-3ea4-a198-04c670390c55",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.5"
      },
      {
        "id": "f6a33ad5-c1a3-3961-9703-86a0d20105d0",
        "product": {
          "name": "SuperAGI"
        },
        "product_version": "0.0.3"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/358221
vuldb	www.vuldb.com/vuln/358221/cti
vuldb	www.vuldb.com/submit/791077
gist	www.gist.github.com/YLChen-007/4b6b95f98aeed927a99d2a76eaf53444
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-6586

20 Apr 2026 00:30Current

5.3Medium risk

Vulners AI Score5.3

CVSS 45.3

CVSS 3.16.3

CVSS 26.5

CVSS 36.3

EPSS0.00014

SSVC