Skip to main content

Superagi EUVD-2026-23791

| CVE-2026-6613 LOW
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-04-20 VulDB
Authentication Bypass Superagi
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
Severity Changed
Apr 29, 2026 - 01:12 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:12 NVD
5.3 (MEDIUM) 2.1 (LOW)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Analysis Generated
Apr 20, 2026 - 07:26 vuln.today
CVSS changed
Apr 20, 2026 - 07:22 NVD
6.3 (MEDIUM) 5.3 (MEDIUM)
EUVD ID Assigned
Apr 20, 2026 - 07:15 euvd
EUVD-2026-23791
Analysis Generated
Apr 20, 2026 - 07:15 vuln.today
CVE Published
Apr 20, 2026 - 06:30 nvd
LOW 2.1

DescriptionCVE.org

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipulation of the argument agent_id leads to authorization bypass. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Authorization bypass in TransformerOptimus SuperAGI up to version 0.0.14 allows authenticated attackers to manipulate the agent_id parameter in delete_agent, stop_schedule, and get_schedule_data endpoints, bypassing access controls to perform unauthorized operations on agents and schedules. The vulnerability is remotely exploitable by any authenticated user and publicly available exploit code exists; however, the vendor has not responded to early disclosure attempts.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain valid SuperAGI credentials
Delivery
Authenticate to SuperAGI interface
Exploit
Enumerate target agent_id via directory/list endpoints
Install
Craft HTTP request with manipulated agent_id parameter
C2
Send request to delete_agent/stop_schedule/get_schedule_data endpoint
Execute
Bypass authorization check and execute unauthorized operation
Impact
Agent deleted or schedule modified without victim consent
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated user session (PR:L from CVSS vector) - the attacker must have valid login credentials to SuperAGI. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment While the CVSS score of 5.3 is moderate, the real-world risk is elevated by several factors: (1) exploitation requires authentication (PR:L), reducing the threat surface to users with valid accounts - either legitimate users acting maliciously or attackers who have obtained credentials; (2) publicly available exploit code (POC) lowers the barrier to exploitation; (3) the vulnerability affects core agent management functions (delete, schedule control), creating operational impact; (4) the vendor's non-response to early disclosure suggests no timeline for a fix. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user of SuperAGI (either a legitimate user or an attacker with stolen credentials) identifies another user's agent_id through enumeration or log analysis, then crafts HTTP requests to the delete_agent, stop_schedule, or get_schedule_data endpoints with the victim's agent_id parameter. The endpoint processes the request without validating that the requestor owns the agent, allowing unauthorized deletion or control of the victim's agents and schedules. …
Remediation No vendor-released patch has been identified at time of analysis, given the vendor's non-response to disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-23791 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy