What is the CVSS score of CVE-2026-22038?

CVE-2026-22038 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of AI / ML are affected by CVE-2026-22038?

A HIGH severity vulnerability (CVE-2026-22038) affecting AutoGPT poses a significant risk to organizations using this platform for AI agent automation.. A patch is available.

Is there a public PoC exploit available for CVE-2026-22038?

Yes, a public proof-of-concept exploit is available for CVE-2026-22038. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-22038?

Within 24 hours: Inventory all AutoGPT deployments and assess current patch status; notify affected teams to monitor for suspicious agent behavior. Within 7 days: Apply the available vendor patch to all AutoGPT instances in a phased approach, prioritizing production environments. Within 30 days: Complete patching of all remaining instances, conduct security testing to confirm vulnerability remediation, and document patch deployment status for audit purposes.

AI / ML CVE-2026-22038

HIGH

Insertion of Sensitive Information into Log File (CWE-532)

2026-02-04 security-advisories@github.com

Information Disclosure AI / ML Autogpt Platform

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 17, 2026 - 15:42 vuln.today

Public exploit code

Patch released

Feb 17, 2026 - 15:42 nvd

Patch available

CVE Published

Feb 04, 2026 - 23:15 nvd

HIGH 8.1

DescriptionNVD

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using logger.info() statements. This occurs in three separate block implementations (StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock) where the code explicitly calls api_key.get_secret_value() and logs the result. This issue has been patched in autogpt-platform-beta-v0.6.46.

AnalysisAI

AutoGPT platform versions prior to v0.6.46 expose API keys and authentication secrets in application logs due to insecure logging of decrypted credentials across three Stagehand integration blocks. Authenticated users can access these plaintext secrets through log files, enabling credential theft and unauthorized access to integrated services. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to AutoGPT platform

Exploit

Access workflow containing Stagehand block

Execution

Trigger block execution

Impact

Extract plaintext API keys from logs