Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Remote unauthenticated access to vector database configurations in TransformerOptimus SuperAGI ≤0.0.14 allows attackers to retrieve, modify, or disrupt stored embeddings via the /vector_dbs endpoint. Missing authentication (CWE-306) in the get_vector_db_details function enables unauthorized manipulation of AI agent knowledge bases with CVSS 7.3. Publicly available exploit code exists (Proof-of-Concept published on GitHub Gist), but no active exploitation confirmed via CISA KEV. EPSS data not provided. Vendor unresponsive to early disclosure per VulDB report.
Technical ContextAI
SuperAGI is an open-source autonomous AI agent framework that uses vector databases (e.g., Pinecone, Weaviate, ChromaDB) to store embeddings for retrieval-augmented generation (RAG) and agent memory. The vulnerability exists in the vector_dbs.py controller's get_vector_db_details function, which exposes vector database management operations without enforcing authentication checks. CWE-306 (Missing Authentication for Critical Function) indicates the endpoint fails to validate caller identity before granting access to sensitive configuration data. The affected CPE (cpe:2.3:a:transformeroptimus:superagi) identifies versions up to 0.0.14 as vulnerable. Vector databases in AI systems store semantic embeddings of proprietary documents, user interactions, and training data-making unauthorized access a significant intellectual property and privacy risk.
RemediationAI
Primary fix: Upgrade to SuperAGI version >0.0.14 if a patched release becomes available. Monitor the official TransformerOptimus GitHub repository (https://github.com/TransformerOptimus/SuperAGI) for security updates, as no vendor advisory exists at time of analysis and the maintainer has not publicly acknowledged the vulnerability. Immediate compensating controls: (1) Restrict network access to the vector database management endpoint using firewall rules or reverse proxy authentication (e.g., require API keys or OAuth tokens at infrastructure layer)-trade-off: adds operational overhead and may break automated agent workflows. (2) Deploy SuperAGI behind a VPN or internal network segment, blocking public internet access to the application-trade-off: limits remote agent accessibility. (3) Implement rate limiting and IP allowlisting for the /vector_dbs route-trade-off: does not prevent attacks from allowed sources. (4) Apply Web Application Firewall (WAF) rules to block unauthorized POST/GET requests to /vector_dbs endpoints lacking valid session tokens-trade-off: requires custom rule creation and ongoing maintenance. Review application logs for suspicious vector DB queries from unexpected IP addresses. For production deployments containing sensitive embeddings, consider temporarily disabling vector DB management API until patch confirmation. Reference: Exploit details at https://gist.github.com/YLChen-007/f38b32a9cd0c9722e04a716ca4dbf9d5.
A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. Ra
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. Rated hi
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. Rated high severity
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. Rated medium severi
In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in
Path traversal in TransformerOptimus SuperAGI versions up to 0.0.14 allows remote unauthenticated attackers to read, wri
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. Rated high severity (CVSS 7.5), this v
TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attackers to bypass authorization controls
Server-side request forgery (SSRF) in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attac
Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated remote attackers to access
Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated attackers to manipulate th
Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated users to modify arbitrary
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23717