Skip to main content

AutoGPT CVE-2025-32436

| EUVDEUVD-2025-210282 HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-06-18 GitHub_M
7.1
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.7 HIGH

Network-reachable workflow API with low-privilege account (PR:L), no user interaction, disk exhaustion can impact co-located services so scope changed (S:C) with high availability impact and no C/I impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 18, 2026 - 19:01 EUVD
Analysis Generated
Jun 18, 2026 - 17:05 vuln.today

DescriptionCVE.org

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AddAudioToVideoBlock will download and store the video and audio in a temporary directory without deleting before all noded are done. StepThroughItemsBlock can be used to iterate MediaDurationBlock multiple times. StepThroughItemsBlock does not limit the number of loops. In addition, AddAudioToVideoBlock does not limit the amount of disk space consumed in the current working directory and does not delete the video after outputing the result. When a malicious user chooses to screen shot many web pages, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.

AnalysisAI

Disk exhaustion denial-of-service in Significant Gravitas AutoGPT prior to version 0.6.63 allows authenticated platform users to crash the host by abusing the AddAudioToVideoBlock and StepThroughItemsBlock workflow components. By looping MediaDurationBlock through unbounded StepThroughItemsBlock iterations against URLs that trigger screenshots, attackers fill the working directory with undeleted temporary media files until disk space is exhausted. No public exploit identified at time of analysis, and EPSS data was not supplied.

Technical ContextAI

AutoGPT is a workflow automation platform that chains together 'blocks' to build autonomous AI agent pipelines. The vulnerability sits in two cooperating blocks: AddAudioToVideoBlock, which downloads and stores video/audio assets in a temporary working directory without cleanup until the entire node graph completes, and StepThroughItemsBlock, which iterates over an input list with no upper bound on loop count. The root cause maps to CWE-400 (Uncontrolled Resource Consumption) - neither block enforces a quota on disk usage nor disposes of intermediate artifacts between iterations, so unbounded iteration multiplied by persistent temp files yields unbounded disk growth. The affected component is identified in CPE data as cpe:2.3:a:significant-gravitas:autogpt across all versions prior to the fix.

RemediationAI

Vendor-released patch: upgrade AutoGPT to version 0.6.63 or later, which patches both the unbounded iteration in StepThroughItemsBlock and the missing cleanup logic in AddAudioToVideoBlock - see https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-g26x-xwc5-7p44 for the upstream advisory. If immediate upgrade is not feasible, restrict the ability to create or run workflows containing AddAudioToVideoBlock and StepThroughItemsBlock to fully trusted accounts only, which has the side effect of breaking legitimate audio/video pipelines. Operators can additionally place AutoGPT's working directory on a dedicated, quota-enforced filesystem (e.g., a separate partition or XFS/ext4 project quota) so that exhaustion is contained and does not crash the host or co-located services, at the cost of failing workflows hitting the quota. Filesystem-level monitoring with alerts on rapid disk growth from the AutoGPT process can shorten detection time but does not prevent the DoS.

CVE-2026-55237 HIGH
8.8 Jun 18

DOM-based cross-site scripting in AutoGPT versions prior to 0.6.62 allows remote attackers to execute arbitrary JavaScri

CVE-2025-32437 HIGH
8.7 Jun 18

Denial of service in Significant-Gravitas AutoGPT prior to 0.6.63 allows remote attackers to exhaust host disk space by

CVE-2025-32424 HIGH
8.7 Jun 18

Denial of service in AutoGPT prior to 0.6.63 allows remote unauthenticated users to exhaust host disk space by chaining

CVE-2025-32422 HIGH
8.7 Jun 18

Denial of service in AutoGPT versions prior to 0.6.63 allows remote unauthenticated attackers to exhaust disk space on t

CVE-2025-32392 HIGH
8.7 Jun 18

Resource exhaustion denial-of-service in Significant Gravitas AutoGPT versions prior to 0.6.63 allows remote unauthentic

CVE-2026-56663 HIGH
8.5 Jun 26

Server-side request forgery in the AutoGPT Platform (versions prior to 0.6.52) lets an authenticated user abuse the Send

CVE-2026-33232 HIGH
7.5 May 19

Unauthenticated denial-of-service in AutoGPT Platform versions 0.4.2 through 0.6.51 allows remote attackers to exhaust s

CVE-2026-30950 HIGH
7.1 May 18

Authenticated session hijacking in Significant Gravitas AutoGPT versions 0.6.36 through 0.6.50 allows any logged-in user

CVE-2026-56823 MEDIUM
5.4 Jun 26

{webhook_id}/ping` endpoint performs no ownership check - only verifying that a caller is authenticated, not that the ta

CVE-2025-32423 MEDIUM
5.3 Jun 26

Memory amplification denial-of-service in AutoGPT's ExtractTextInformationBlock enables authenticated users to exhaust s

CVE-2025-32394 MEDIUM
5.3 Jun 26

Memory exhaustion in AutoGPT's AITextSummarizerBlock allows authenticated users to trigger extreme resource amplificatio

Share

CVE-2025-32436 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy