8 matches found
CVE-2026-45023
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...
WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint
Summary plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...
CVE-2026-47696 WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint
WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess =...
CVE-2026-45023
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...
CVE-2026-45023 AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...
CVE-2026-45023 AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...
CVE-2026-45023
AutoGPT is affected by CVE-2026-45023. The vulnerability resides in the POST /api/blocks/{block_id}/execute endpoint, where blocks can be executed without consuming credits, bypassing the intended credit check in the graph execution path. The bypass occurs when blocks are invoked directly via the...
CVE-2026-45023 AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/blockid/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in th...