Skip to main content

AutoGPT CVE-2025-32394

| EUVDEUVD-2025-210364 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-06-26 GitHub_M
5.3
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-accessible with low-privilege authenticated access; full server memory exhaustion constitutes high - not low - availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 26, 2026 - 18:02 EUVD
Analysis Generated
Jun 26, 2026 - 17:30 vuln.today

DescriptionCVE.org

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the server will consume 50G of memory, eventually causing memory resources to be exhausted, resulting in DoS. This vulnerability is fixed in 0.6.32.

AnalysisAI

Memory exhaustion in AutoGPT's AITextSummarizerBlock allows authenticated users to trigger extreme resource amplification - approximately 10 KB of crafted input causes the server to allocate roughly 50 GB of memory, crashing the platform for all users. All versions prior to 0.6.32 are affected per the vendor's GitHub Security Advisory (GHSA-955p-gpfx-r66j). No public exploit or CISA KEV listing has been identified, but the low attack complexity for any authenticated user makes this a realistic internal or multi-tenant threat.

Technical ContextAI

AutoGPT (by Significant-Gravitas) is a workflow automation platform for building and running autonomous AI agents. The vulnerable component, AITextSummarizerBlock, processes text content for AI-based summarization and fails to enforce limits on memory allocated during processing, conforming to CWE-770 (Allocation of Resources Without Limits or Throttling). The amplification ratio is extreme - approximately 5,000x input-to-memory - suggesting the block may be constructing unbounded intermediate data structures, tokenized representations, or context windows proportional to input without capping allocation. The affected CPE is cpe:2.3:a:significant-gravitas:autogpt:*:*:*:*:*:*:*:*, covering all releases before 0.6.32.

RemediationAI

Vendor-released patch: 0.6.32. Upgrade AutoGPT to version 0.6.32 or later, as confirmed by the vendor's GitHub Security Advisory at https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-955p-gpfx-r66j. If immediate upgrade is not possible, apply compensating controls: restrict access to the AITextSummarizerBlock feature to a minimal set of trusted users via platform-level RBAC; enforce maximum request body size limits at the reverse proxy or API gateway layer (e.g., nginx client_max_body_size) to prevent oversized payloads from reaching the block; and impose container or cgroup memory limits on the AutoGPT server process so that any single runaway allocation is bounded and causes only a process restart rather than host-level exhaustion. Note that capping memory at the container level may cause the AutoGPT process to be OOM-killed mid-request, which can introduce data loss for in-flight workflows.

CVE-2026-55237 HIGH
8.8 Jun 18

DOM-based cross-site scripting in AutoGPT versions prior to 0.6.62 allows remote attackers to execute arbitrary JavaScri

CVE-2025-32437 HIGH
8.7 Jun 18

Denial of service in Significant-Gravitas AutoGPT prior to 0.6.63 allows remote attackers to exhaust host disk space by

CVE-2025-32424 HIGH
8.7 Jun 18

Denial of service in AutoGPT prior to 0.6.63 allows remote unauthenticated users to exhaust host disk space by chaining

CVE-2025-32422 HIGH
8.7 Jun 18

Denial of service in AutoGPT versions prior to 0.6.63 allows remote unauthenticated attackers to exhaust disk space on t

CVE-2025-32392 HIGH
8.7 Jun 18

Resource exhaustion denial-of-service in Significant Gravitas AutoGPT versions prior to 0.6.63 allows remote unauthentic

CVE-2026-56663 HIGH
8.5 Jun 26

Server-side request forgery in the AutoGPT Platform (versions prior to 0.6.52) lets an authenticated user abuse the Send

CVE-2026-33232 HIGH
7.5 May 19

Unauthenticated denial-of-service in AutoGPT Platform versions 0.4.2 through 0.6.51 allows remote attackers to exhaust s

CVE-2026-30950 HIGH
7.1 May 18

Authenticated session hijacking in Significant Gravitas AutoGPT versions 0.6.36 through 0.6.50 allows any logged-in user

CVE-2025-32436 HIGH
7.1 Jun 18

Disk exhaustion denial-of-service in Significant Gravitas AutoGPT prior to version 0.6.63 allows authenticated platform

CVE-2026-56823 MEDIUM
5.4 Jun 26

{webhook_id}/ping` endpoint performs no ownership check - only verifying that a caller is authenticated, not that the ta

CVE-2025-32423 MEDIUM
5.3 Jun 26

Memory amplification denial-of-service in AutoGPT's ExtractTextInformationBlock enables authenticated users to exhaust s

Share

CVE-2025-32394 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy