217 matches found
CVE-2025-62616
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...
CVE-2025-62616
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...
CVE-2025-62616
CVE-2025-62616 affects AutoGPT (AutoGPT platform) prior to autogpt-platform-beta-v0.6.34. In SendDiscordFileBlock, the code uses aiohttp.ClientSession().get directly on an input URL without filtering, yielding a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability is documented as ...
CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...
CVE-2025-62616 AutoGPT has SSRF vulnerability in SendDiscordFileBlock
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...
CVE-2025-62615
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the inpu...
CVE-2026-22038
CVE-2026-22038 affects AutoGPT prior to platform-beta-v0.6.46. The vulnerability arises when Stagehand blocks log API keys and authentication secrets in plaintext via logger.info() in StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock, where api_key.get_secret_value() is logged. ...
CVE-2026-22038 AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...
PT-2026-6101
Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.46 Description AutoGPT is a platform for creating and managing AI agents to automate workflows. The Stagehand integration improperly logs API keys and authentication secrets in plaintext using logger.info...
PT-2026-5938
Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.34 Description AutoGPT is a platform for creating, deploying, and managing continuous artificial intelligence agents to automate complex workflows. A Server-Side Request Forgery SSRF issue exists in the...
AutoGPT 代码问题漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.34, had code vulnerabilities. These vulnerabilities stemmed from the use of the third-party library urllib.request.urlopen...
PT-2026-5937
Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.34 Description AutoGPT is a platform for creating and managing AI agents to automate workflows. A Server-Side Request Forgery SSRF issue exists in the RSSFeedBlock component due to the direct use of...
AutoGPT 日志信息泄露漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.46, had a vulnerability related to log information leakage. This vulnerability stemmed from the Stagehand integration...
CVE-2026-24780 AutoGPT is Vulnerable to RCE via Disabled Block Execution
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID...
CVE-2026-24780 AutoGPT is Vulnerable to RCE via Disabled Block Execution
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID...
GHSA-R277-3XC5-C79V AutoGPT is Vulnerable to RCE via Disabled Block Execution
Summary AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID without checking the disabled flag. Any authenticated user can execute the disabled BlockInstallationBlock, which writes arbitrary Python code to the server filesystem and execut...
AutoGPT security vulnerabilities
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Previous versions of AutoGPT, including autogpt-platform-beta-v0.6.44, contained security vulnerabilities. These vulnerabilities stemmed from the lack of checking disabled flags, which coul...
PT-2026-5312
Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.44 Description AutoGPT Platform’s block execution endpoints, both the main web API and external API, allow execution of blocks by UUID without verifying the disabled flag. This allows any authenticated user to...
CVE-2025-1040
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection SSTI that could lead to Remote Code Execution RCE. The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...
EUVD-2025-7613
Malicious code in bioql PyPI...