What is the CVSS score of CVE-2026-33233?

CVE-2026-33233 has a CVSS 3.1 base score of 7.6 (High). CVSS vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of AutoGPT are affected by CVE-2026-33233?

AutoGPT platform versions 0.6.34-0.6.51 are vulnerable to remote code execution through insecure deserialization of cached data, allowing attackers with access to the shared Redis instance to execute…. A patch is available.

AutoGPT CVE-2026-33233

EUVD-2026-30817 HIGH

Deserialization of Untrusted Data (CWE-502)

2026-05-19 GitHub_M

Deserialization Redis

7.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 19, 2026 - 02:01 EUVD

Source Code Evidence Fetched

May 19, 2026 - 01:43 vuln.today

Analysis Generated

May 19, 2026 - 01:43 vuln.today

DescriptionNVD

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with pickle.dumps(...) into Redis and the read path blindly invokes pickle.loads(...) on bytes with no HMAC/signature or strict schema validation gating deserialization. If an attacker can poison a shared-cache key in Redis, arbitrary command execution is possible in the backend container context, affecting confidentiality, integrity, and availability. This issue has been fixed in version 0.6.52.

AnalysisAI

Insecure deserialization in Significant-Gravitas AutoGPT platform versions 0.6.34 through 0.6.51 lets an attacker who can poison entries in the shared Redis cache achieve arbitrary command execution inside the backend container. The backend's read path invokes pickle.loads on cache bytes with no HMAC, signature, or schema gate, so any attacker-controlled value reaching that key becomes code on retrieval. …

RemediationAI

Within 24 hours: Identify all systems running AutoGPT 0.6.34-0.6.51 and verify network access controls for the Redis instance. Within 7 days: Deploy vendor-released patch (autogpt-platform-beta-v0.6.52) to all affected systems after validation in a staging environment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33233 vulnerability details – vuln.today

Back

AutoGPT CVE-2026-33233

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code