
AutoGPT Platform CVE-2026-33232

EUVD-2026-30819 HIGH
Incomplete Cleanup (CWE-459)
2026-05-19 GitHub_M
CVSS 3.1: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline (3 events)

Patch available: May 19, 2026 - 02:01 (EUVD)
Source Code Evidence Fetched: May 19, 2026 - 01:43 (vuln.today)
Analysis Generated: May 19, 2026 - 01:43 (vuln.today)

Description (NVD)

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption. The download_agent_file endpoint creates persistent temporary files for every request but fails to delete them after they are served. An unauthenticated attacker can repeatedly call this endpoint to exhaust the server's disk space, causing the database or other system services to fail due to "No space left on device" errors, rendering the entire AutoGPT Platform backend unavailable to all users. This issue has been patched in version 0.6.52.
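The incomplete-cleanup pattern described above, shown next to a variant that removes the file once the response has been streamed. This is an added illustration, not AutoGPT's code and not the 0.6.52 patch; the function names, the generator standing in for a streaming HTTP response, and the sample payload are all assumptions made for the example.

```python
import os
import tempfile
from typing import Iterator

CHUNK = 64 * 1024


def _write_temp(payload: bytes, tmp_dir: str) -> str:
    # delete=False keeps the file on disk after close so the response can
    # still read it; from here on, cleanup is the handler's responsibility.
    with tempfile.NamedTemporaryFile(dir=tmp_dir, suffix=".json", delete=False) as fh:
        fh.write(payload)
        return fh.name


def download_leaky(payload: bytes, tmp_dir: str) -> Iterator[bytes]:
    """CWE-459 pattern (hypothetical handler): one temp file per request, never removed."""
    path = _write_temp(payload, tmp_dir)
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            yield chunk


def download_cleaned(payload: bytes, tmp_dir: str) -> Iterator[bytes]:
    """Same response body, but the file is removed once streaming ends."""
    path = _write_temp(payload, tmp_dir)
    try:
        with open(path, "rb") as fh:
            while chunk := fh.read(CHUNK):
                yield chunk
    finally:
        # Runs on normal completion, on error, and when the consumer closes
        # the generator early (for example a client disconnect).
        os.unlink(path)


def leftover_files(handler, requests: int, abort_early: bool = False) -> int:
    """Drive `requests` simulated downloads; return temp files left behind."""
    payload = b'{"agent": "constructed sample"}' * 8192  # constructed body
    with tempfile.TemporaryDirectory() as tmp_dir:
        for _ in range(requests):
            body = handler(payload, tmp_dir)
            next(body)              # first chunk reaches the client
            if not abort_early:
                for _ in body:      # client reads the rest
                    pass
            body.close()            # early close models a disconnect
        return len(os.listdir(tmp_dir))
```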

Analysis (AI)

Unauthenticated denial-of-service in AutoGPT Platform versions 0.4.2 through 0.6.51 allows remote attackers to exhaust server disk space by repeatedly invoking the download_agent_file endpoint, which creates temporary files that are never cleaned up. Once disk capacity is consumed, the backend database and dependent services fail with 'No space left on device' errors, taking the entire platform offline for all users. …


Remediation (AI)

Within 24 hours: Identify all AutoGPT Platform instances running versions 0.4.2-0.6.51; implement rate limiting on the download_agent_file endpoint and enable disk space monitoring with alerts at 20% and 10% thresholds. Within 7 days: Contact AutoGPT vendor for patch availability and estimated release date; document current version inventory and upgrade path options. …
