180 matches found
CVE-2026-45023
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...
AutoGPT 安全漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. Versions of AutoGPT prior to 0.6.59 contained a security vulnerability. This vulnerability stemmed from the POST /api/blocks/blockid/execute endpoint, which allowed unlimited free execution...
Exploit for CVE-2026-30950
AutoGPT CVE-2026-30950 POC Proof-of-concept demonstration for...
CVE-2026-33233
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...
CVE-2026-33234
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...
CVE-2026-33234
CVE-2026-33234 affects AutoGPT versions 0.1.0–0.6.51, where SendEmailBlock accepts user-provided smtp_server and smtp_port and passes them to Python’s smtplib.SMTP() without IP address validation. This bypasses hardened SSRF protections (validate_url_host and BLOCKED_IP_NETWORKS) used by other bl...
CVE-2026-33234 AutoGPT: SendEmailBlock's IP blocklist bypass allows SSRF via user-controlled SMTP server
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...
CVE-2026-33233 AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...
CVE-2026-33233 AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...
CVE-2026-33233
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...
CVE-2026-33232 AutoGPT: Unauthenticated DoS via Disk Space Exhaustion
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The downloadagentfile...
CVE-2026-33232
The CVE-2026-33232 flaw affects AutoGPT Platform (versions 0.4.2–0.6.51). The issue is an unauthenticated DoS caused by the download_agent_file endpoint creating persistent temporary files per request and failing to delete them after serving, enabling an unauthenticated attacker to repeatedly exh...
CVE-2026-33232 AutoGPT: Unauthenticated DoS via Disk Space Exhaustion
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The downloadagentfile...
PT-2026-41763
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt platform/backend/backend/blocks/email block.py accepts a user-supplied smtp server string and smtp port integer as...
AutoGPT 资源管理错误漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. In versions 0.4.2 to 0.6.51 of AutoGPT, there was a resource management vulnerability. This vulnerability occurred because the downloadagentfile endpoint created temporary files without...
AutoGPT 代码问题漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. There were code vulnerabilities in versions 0.1.0 to 0.6.51 of AutoGPT. These vulnerabilities stemmed from the SendEmailBlock function, which accepted parameters for the smtpserver and...
PT-2026-41761
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The download agent fil...
AutoGPT 代码注入漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. In versions 0.6.34 to 0.6.51 of AutoGPT, there was a code injection vulnerability. This vulnerability stemmed from the use of pickle.loads to deserialize Redis cache data without proper...
CVE-2026-30950
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...
CVE-2026-30950 AutoGPT has Authenticated Session Hijacking via IDOR
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the sessionid of another user's session,...