CVE-2026-33233

CVE-2026-33233 affects AutoGPT Platform: older releases (0.6.34–0.6.51) deserialize Redis cache bytes with pickle.loads without integrity checks, while writes use pickle.dumps into Redis. The read path blindly calls pickle.loads on bytes with no HMAC/signature or strict schema validation. An atta...

EUVD-2026-30819

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The downloadagentfile...

CVE-2025-62615

AutoGPT's ReadRSSFeedBlock contained an SSRF flaw due to unfiltered URLs used with urllib.request.urlopen, affecting platforms prior to autogpt-platform-beta-v0.6.34. The issue, rated CVSS v4.0 base 9.3 (CRITICAL; NETWORK vector, no user interaction), is patched in v0.6.34. Connected sources (Red...

CVE-2026-24780

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID...

CVE-2026-24780

CVE-2026-24780 affects AutoGPT Platform prior to v0.6.44. An authenticated user can trigger remote code execution by calling the execute endpoint for blocks (both main web API and external API) without honoring the disabled flag for BlockInstallationBlock, which writes arbitrary Python code to th...