38 matches found
CVE-2026-6616
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
CVE-2026-6583
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function deleteapikey/editapikey of the file superagi/controllers/apikey.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carri...
EUVD-2026-23803
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
EUVD-2026-23791
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...
CVE-2026-6614
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...
CVE-2026-6612
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function getagentexecution/updateagentexecution of the file superagi/controllers/agentexecution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agentexecutionid can...
CVE-2026-6615
A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initia...
CVE-2026-6615 TransformerOptimus SuperAGI Multipart Upload resources.py upload path traversal
A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initia...
CVE-2026-6615 TransformerOptimus SuperAGI Multipart Upload resources.py upload path traversal
A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initia...
CVE-2026-6613 TransformerOptimus SuperAGI agent.py get_schedule_data authorization
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...
CVE-2026-6613
The affected software is TransformerOptimus SuperAGI (up to 0.0.14). The vulnerability exists in the functions delete_agent, stop_schedule, and get_schedule_data in superagi/controllers/agent.py, where manipulating the argument agent_id leads to an authorization bypass. It can be exploited remote...
CVE-2026-6612
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function getagentexecution/updateagentexecution of the file superagi/controllers/agentexecution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agentexecutionid can...
CVE-2026-6612 TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function getagentexecution/updateagentexecution of the file superagi/controllers/agentexecution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agentexecutionid can...
CVE-2026-6612
The vulnerability CVE-2026-6612 affects TransformerOptimus SuperAGI up to version 0.0.14, specifically the Agent Execution Endpoint’s get_agent_execution/update_agent_execution in superagi/controllers/agent_execution.py. The underlying issue is an authorization bypass caused by manipulating the a...
CVE-2026-6612 TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization
A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function getagentexecution/updateagentexecution of the file superagi/controllers/agentexecution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agentexecutionid can...
EUVD-2026-23726
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function getbudget/updatebudget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. T...
PT-2026-33721
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get project/update project/get projects organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be...
CVE-2026-6586 TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function getbudget/updatebudget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. T...
CVE-2026-6586 TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization
A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function getbudget/updatebudget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. T...
CVE-2026-6586
Affected product: TransformerOptimus SuperAGI (up to version 0.0.14). The vulnerability is in the Budget Endpoint, specifically the get_budget and update_budget functions in superagi/controllers/budget.py, enabling an authorization bypass. Exploitation can be performed remotely, and a public expl...