Lucene search
K

217 matches found

NVD
NVD
added 2026/02/04 11:15 p.m.6 views

CVE-2025-62616

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

9.8CVSS0.00338EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 10:28 p.m.4 views

CVE-2025-62616

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

9.3CVSS5.3AI score0.00338EPSS
Exploits1References2
CVE
CVE
added 2026/02/04 10:28 p.m.11 views

CVE-2025-62616

CVE-2025-62616 affects AutoGPT (AutoGPT platform) prior to autogpt-platform-beta-v0.6.34. In SendDiscordFileBlock, the code uses aiohttp.ClientSession().get directly on an input URL without filtering, yielding a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability is documented as ...

9.8CVSS5.3AI score0.00338EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/02/04 10:28 p.m.27 views

CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

9.3CVSS0.00338EPSS
Exploits1References1
OSV
OSV
added 2026/02/04 10:28 p.m.5 views

CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

9.3CVSS5.3AI score0.00338EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/04 10:28 p.m.5 views

CVE-2025-62615

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the inpu...

9.3CVSS5.3AI score0.00357EPSS
Exploits1References2
CVE
CVE
added 2026/02/04 10:28 p.m.14 views

CVE-2026-22038

CVE-2026-22038 affects AutoGPT prior to platform-beta-v0.6.46. The vulnerability arises when Stagehand blocks log API keys and authentication secrets in plaintext via logger.info() in StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock, where api_key.get_secret_value() is logged. ...

8.1CVSS5.4AI score0.00433EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/04 10:28 p.m.6 views

CVE-2026-22038 AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...

8.1CVSS5.5AI score0.00433EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.7 views

PT-2026-6101

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.46 Description AutoGPT is a platform for creating and managing AI agents to automate workflows. The Stagehand integration improperly logs API keys and authentication secrets in plaintext using logger.info...

8.1CVSS5.5AI score0.00433EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.7 views

PT-2026-5938

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.34 Description AutoGPT is a platform for creating, deploying, and managing continuous artificial intelligence agents to automate complex workflows. A Server-Side Request Forgery SSRF issue exists in the...

9.3CVSS5.5AI score0.00338EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.16 views

AutoGPT 代码问题漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.34, had code vulnerabilities. These vulnerabilities stemmed from the use of the third-party library urllib.request.urlopen...

9.8CVSS5.9AI score0.00357EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.4 views

PT-2026-5937

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.34 Description AutoGPT is a platform for creating and managing AI agents to automate workflows. A Server-Side Request Forgery SSRF issue exists in the RSSFeedBlock component due to the direct use of...

9.8CVSS5.5AI score0.00357EPSS
Exploits1References16
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.7 views

AutoGPT 日志信息泄露漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.46, had a vulnerability related to log information leakage. This vulnerability stemmed from the Stagehand integration...

8.1CVSS5.8AI score0.00433EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/29 5:39 p.m.29 views

CVE-2026-24780 AutoGPT is Vulnerable to RCE via Disabled Block Execution

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID...

9.4CVSS0.01147EPSS
Exploits1References6
OSV
OSV
added 2026/01/29 5:39 p.m.5 views

CVE-2026-24780 AutoGPT is Vulnerable to RCE via Disabled Block Execution

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID...

9.4CVSS6.2AI score0.01147EPSS
Exploits1References8
OSV
OSV
added 2026/01/29 3:4 p.m.6 views

GHSA-R277-3XC5-C79V AutoGPT is Vulnerable to RCE via Disabled Block Execution

Summary AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID without checking the disabled flag. Any authenticated user can execute the disabled BlockInstallationBlock, which writes arbitrary Python code to the server filesystem and execut...

9.4CVSS6.8AI score0.01147EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.9 views

AutoGPT security vulnerabilities

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.44, contained security vulnerabilities. These vulnerabilities stemmed from the lack of checking disabled flags, which coul...

9.4CVSS6.4AI score0.01147EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.7 views

PT-2026-5312

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.44 Description AutoGPT Platform’s block execution endpoints, both the main web API and external API, allow execution of blocks by UUID without verifying the disabled flag. This allows any authenticated user to...

9.4CVSS6.2AI score0.01147EPSS
Exploits1References24
RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.17 views

CVE-2025-1040

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection SSTI that could lead to Remote Code Execution RCE. The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...

8.8CVSS8.3AI score0.01522EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-7613

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00534EPSS
Exploits1References4
Rows per page
Query Builder