CVE-2026-33232

The CVE-2026-33232 flaw affects AutoGPT Platform (versions 0.4.2–0.6.51). The issue is an unauthenticated DoS caused by the download_agent_file endpoint creating persistent temporary files per request and failing to delete them after serving, enabling an unauthenticated attacker to repeatedly exh...

Persistent Temp-File incomplete cleanup / resource exhaustion in `transformers` Serve

Description The transformers OpenAI-compatible server leaks every base64 image it decodes to disk. Because the temporary files are never cleaned up, an attacker can exhaust disk space by repeatedly calling /v1/chat/completions with base64 imageurl entries. Vulnerable Code In...