What is the CVSS score of CVE-2026-30950?

CVE-2026-30950 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of AutoGPT are affected by CVE-2026-30950?

Significant Gravitas AutoGPT versions 0.6.36 through 0.6.50 contain a session hijacking vulnerability that allows authenticated users to take over other users' sessions and access their conversation…. A patch is available.

How to fix or mitigate CVE-2026-30950?

Within 24 hours: Identify all deployments of AutoGPT running versions 0.6.36 through 0.6.50. Within 7 days: Upgrade all affected instances to version 0.6.51 per vendor advisory GHSA-q58p-v9r9-7gqj. Within 30 days: Complete inventory verification and audit session logs for any unauthorized session reassignments during the vulnerable period.

AutoGPT CVE-2026-30950

EUVD-2026-30814 HIGH

Missing Authorization (CWE-862)

2026-05-18 GitHub_M

Authentication Bypass

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

Patch available

May 18, 2026 - 23:16 EUVD

Analysis Generated

May 18, 2026 - 23:00 vuln.today

DescriptionNVD

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, they can take it over, reading any messages in it and locking the legitimate user out. The PATCH /sessions/{session_id}/assign-user endpoint authenticates the caller but never verifies session ownership: the service layer invokes the session lookup with user_id=None, which the data access layer interprets as a privileged/system call that bypasses the ownership filter, allowing any authenticated user to reassign an arbitrary session to themselves. This issue has been patched in version 0.6.51.

AnalysisAI

{session_id}/assign-user endpoint. An attacker who can guess or otherwise learn a target session_id can reassign that session to themselves, read its conversation contents, and lock the legitimate owner out. …

RemediationAI

Within 24 hours: Identify all deployments of AutoGPT running versions 0.6.36 through 0.6.50. Within 7 days: Upgrade all affected instances to version 0.6.51 per vendor advisory GHSA-q58p-v9r9-7gqj. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-30950 vulnerability details – vuln.today

Back