Lucene search
+L

4 matches found

nvd
nvd
added 2026/06/26 5:16 p.m.10 views

CVE-2026-56823

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4CVSS0.0015EPSS
Exploits0References1
osv
osv
added 2026/06/26 4:2 p.m.2 views

CVE-2026-56823 AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4CVSS6.1AI score0.0015EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/26 4:2 p.m.35 views

CVE-2026-56823 AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4CVSS0.0015EPSS
Exploits0References1
cve
cve
added 2026/06/26 4:2 p.m.21 views

CVE-2026-56823

The CVE-2026-56823 affects AutoGPT: the POST /api/integrations/webhooks/{webhook_id}/ping endpoint authenticates by primary key only, allowing an authenticated user to enumerate webhook existence, leak the OAuth provider type, and potentially trigger a ping on behalf of another user due to insuff...

5.4CVSS5.9AI score0.0015EPSS
Exploits0References1
Rows per page
Query Builder