Skip to main content

Autogpt

12 CVEs product

Monthly

CVE-2025-32394 MEDIUM PATCH This Month

Memory exhaustion in AutoGPT's AITextSummarizerBlock allows authenticated users to trigger extreme resource amplification - approximately 10 KB of crafted input causes the server to allocate roughly 50 GB of memory, crashing the platform for all users. All versions prior to 0.6.32 are affected per the vendor's GitHub Security Advisory (GHSA-955p-gpfx-r66j). No public exploit or CISA KEV listing has been identified, but the low attack complexity for any authenticated user makes this a realistic internal or multi-tenant threat.

Denial Of Service Autogpt
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-32423 MEDIUM PATCH This Month

Memory amplification denial-of-service in AutoGPT's ExtractTextInformationBlock enables authenticated users to exhaust server memory with disproportionately small inputs - a 10KB submission forces approximately 50GB of server-side memory allocation, a 5,000,000:1 amplification ratio. All AutoGPT versions prior to 0.6.32 by Significant-Gravitas are affected. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; the vendor released a fix in version 0.6.32.

Denial Of Service Autogpt
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-56663 HIGH PATCH This Week

Server-side request forgery in the AutoGPT Platform (versions prior to 0.6.52) lets an authenticated user abuse the SendWebRequestBlock to reach internal network services that the private-IP filter is supposed to protect. The flaw stems from _is_ip_blocked() in backend/backend/util/request.py failing to normalize IPv4-mapped IPv6 addresses and omitting RFC 6598 CGNAT space (100.64.0.0/10), so a hostname resolving to a mapped address passes validation and the request hits the embedded internal IPv4 endpoint. No public exploit identified at time of analysis; this affects all AutoGPT Platform deployments and is fixed in 0.6.52.

SSRF Autogpt
NVD GitHub
CVSS 3.1
8.5
EPSS
0.2%
CVE-2026-56823 MEDIUM PATCH This Month

{webhook_id}/ping` endpoint performs no ownership check - only verifying that a caller is authenticated, not that the target webhook belongs to them. An attacker with a valid account can confirm webhook existence, leak OAuth provider metadata, and trigger unauthorized ping deliveries on behalf of other users. No public exploit code or CISA KEV listing has been identified at time of analysis.

Authentication Bypass Autogpt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-55237 HIGH PATCH This Week

DOM-based cross-site scripting in AutoGPT versions prior to 0.6.62 allows remote attackers to execute arbitrary JavaScript in an authenticated victim's browser by tricking them into clicking a crafted signup-page link whose `next` URL parameter is passed unsanitized into `router.push`. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-j2cp-jg5q-38wj) confirms the issue and ships a fix in 0.6.62.

XSS Autogpt
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-32437 HIGH PATCH This Week

Denial of service in Significant-Gravitas AutoGPT prior to 0.6.63 allows remote attackers to exhaust host disk space by chaining the unbounded StepThroughItemsBlock loop with MediaDurationBlock, which downloads videos to a temporary directory and never cleans them up. No public exploit identified at time of analysis, but the flaw is trivially triggerable through the normal agent-building UI in any AutoGPT instance reachable by an untrusted user.

Denial Of Service Autogpt
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-32436 HIGH PATCH This Week

Disk exhaustion denial-of-service in Significant Gravitas AutoGPT prior to version 0.6.63 allows authenticated platform users to crash the host by abusing the AddAudioToVideoBlock and StepThroughItemsBlock workflow components. By looping MediaDurationBlock through unbounded StepThroughItemsBlock iterations against URLs that trigger screenshots, attackers fill the working directory with undeleted temporary media files until disk space is exhausted. No public exploit identified at time of analysis, and EPSS data was not supplied.

Denial Of Service Autogpt
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-32424 HIGH PATCH This Week

Denial of service in AutoGPT prior to 0.6.63 allows remote unauthenticated users to exhaust host disk space by chaining the StepThroughItemsBlock with the ScreenshotWebPageBlock to capture an unbounded number of screenshots into a temporary directory. No public exploit identified at time of analysis, but the attack requires no authentication and CVSS 4.0 rates availability impact as High (8.7).

Denial Of Service Autogpt
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-32422 HIGH PATCH This Week

Denial of service in AutoGPT versions prior to 0.6.63 allows remote unauthenticated attackers to exhaust disk space on the host running the workflow automation platform by abusing the StepThroughItemsBlock to repeatedly drive FileStoreBlock downloads. The platform's `StepThroughItemsBlock` has no loop cap and `FileStoreBlock` enforces no working-directory disk quota, so an attacker can iteratively download moderately sized files (e.g., 100MB) until storage is exhausted. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-9fr4-9jj9-mhh6 confirms the issue and the fix in 0.6.63.

Denial Of Service Autogpt
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-32392 HIGH PATCH This Week

Resource exhaustion denial-of-service in Significant Gravitas AutoGPT versions prior to 0.6.63 allows remote unauthenticated users to fill disk space by abusing the LoopVideoBlock's unbounded loop count parameter. The platform writes the resulting oversized video to disk, exhausting available storage and crashing the host. No public exploit identified at time of analysis, but CVSS 4.0 rates this 8.7 (High) due to network reachability and unauthenticated trigger path.

Denial Of Service Autogpt
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-33232 HIGH PATCH This Week

Unauthenticated denial-of-service in AutoGPT Platform versions 0.4.2 through 0.6.51 allows remote attackers to exhaust server disk space by repeatedly invoking the download_agent_file endpoint, which creates temporary files that are never cleaned up. Once disk capacity is consumed, the backend database and dependent services fail with 'No space left on device' errors, taking the entire platform offline for all users. No public exploit identified at time of analysis, but the trivial nature of the attack (simple repeated HTTP requests) makes it readily reproducible.

Denial Of Service Autogpt
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-30950 HIGH PATCH This Week

{session_id}/assign-user endpoint. An attacker who can guess or otherwise learn a target session_id can reassign that session to themselves, read its conversation contents, and lock the legitimate owner out. No public exploit identified at time of analysis, and the issue is fixed in 0.6.51 per the upstream GHSA-q58p-v9r9-7gqj advisory.

Authentication Bypass Autogpt
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory exhaustion in AutoGPT's AITextSummarizerBlock allows authenticated users to trigger extreme resource amplification - approximately 10 KB of crafted input causes the server to allocate roughly 50 GB of memory, crashing the platform for all users. All versions prior to 0.6.32 are affected per the vendor's GitHub Security Advisory (GHSA-955p-gpfx-r66j). No public exploit or CISA KEV listing has been identified, but the low attack complexity for any authenticated user makes this a realistic internal or multi-tenant threat.

Denial Of Service Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory amplification denial-of-service in AutoGPT's ExtractTextInformationBlock enables authenticated users to exhaust server memory with disproportionately small inputs - a 10KB submission forces approximately 50GB of server-side memory allocation, a 5,000,000:1 amplification ratio. All AutoGPT versions prior to 0.6.32 by Significant-Gravitas are affected. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; the vendor released a fix in version 0.6.32.

Denial Of Service Autogpt
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Server-side request forgery in the AutoGPT Platform (versions prior to 0.6.52) lets an authenticated user abuse the SendWebRequestBlock to reach internal network services that the private-IP filter is supposed to protect. The flaw stems from _is_ip_blocked() in backend/backend/util/request.py failing to normalize IPv4-mapped IPv6 addresses and omitting RFC 6598 CGNAT space (100.64.0.0/10), so a hostname resolving to a mapped address passes validation and the request hits the embedded internal IPv4 endpoint. No public exploit identified at time of analysis; this affects all AutoGPT Platform deployments and is fixed in 0.6.52.

SSRF Autogpt
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

{webhook_id}/ping` endpoint performs no ownership check - only verifying that a caller is authenticated, not that the target webhook belongs to them. An attacker with a valid account can confirm webhook existence, leak OAuth provider metadata, and trigger unauthorized ping deliveries on behalf of other users. No public exploit code or CISA KEV listing has been identified at time of analysis.

Authentication Bypass Autogpt
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

DOM-based cross-site scripting in AutoGPT versions prior to 0.6.62 allows remote attackers to execute arbitrary JavaScript in an authenticated victim's browser by tricking them into clicking a crafted signup-page link whose `next` URL parameter is passed unsanitized into `router.push`. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-j2cp-jg5q-38wj) confirms the issue and ships a fix in 0.6.62.

XSS Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in Significant-Gravitas AutoGPT prior to 0.6.63 allows remote attackers to exhaust host disk space by chaining the unbounded StepThroughItemsBlock loop with MediaDurationBlock, which downloads videos to a temporary directory and never cleans them up. No public exploit identified at time of analysis, but the flaw is trivially triggerable through the normal agent-building UI in any AutoGPT instance reachable by an untrusted user.

Denial Of Service Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Disk exhaustion denial-of-service in Significant Gravitas AutoGPT prior to version 0.6.63 allows authenticated platform users to crash the host by abusing the AddAudioToVideoBlock and StepThroughItemsBlock workflow components. By looping MediaDurationBlock through unbounded StepThroughItemsBlock iterations against URLs that trigger screenshots, attackers fill the working directory with undeleted temporary media files until disk space is exhausted. No public exploit identified at time of analysis, and EPSS data was not supplied.

Denial Of Service Autogpt
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in AutoGPT prior to 0.6.63 allows remote unauthenticated users to exhaust host disk space by chaining the StepThroughItemsBlock with the ScreenshotWebPageBlock to capture an unbounded number of screenshots into a temporary directory. No public exploit identified at time of analysis, but the attack requires no authentication and CVSS 4.0 rates availability impact as High (8.7).

Denial Of Service Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in AutoGPT versions prior to 0.6.63 allows remote unauthenticated attackers to exhaust disk space on the host running the workflow automation platform by abusing the StepThroughItemsBlock to repeatedly drive FileStoreBlock downloads. The platform's `StepThroughItemsBlock` has no loop cap and `FileStoreBlock` enforces no working-directory disk quota, so an attacker can iteratively download moderately sized files (e.g., 100MB) until storage is exhausted. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-9fr4-9jj9-mhh6 confirms the issue and the fix in 0.6.63.

Denial Of Service Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Resource exhaustion denial-of-service in Significant Gravitas AutoGPT versions prior to 0.6.63 allows remote unauthenticated users to fill disk space by abusing the LoopVideoBlock's unbounded loop count parameter. The platform writes the resulting oversized video to disk, exhausting available storage and crashing the host. No public exploit identified at time of analysis, but CVSS 4.0 rates this 8.7 (High) due to network reachability and unauthenticated trigger path.

Denial Of Service Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated denial-of-service in AutoGPT Platform versions 0.4.2 through 0.6.51 allows remote attackers to exhaust server disk space by repeatedly invoking the download_agent_file endpoint, which creates temporary files that are never cleaned up. Once disk capacity is consumed, the backend database and dependent services fail with 'No space left on device' errors, taking the entire platform offline for all users. No public exploit identified at time of analysis, but the trivial nature of the attack (simple repeated HTTP requests) makes it readily reproducible.

Denial Of Service Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

{session_id}/assign-user endpoint. An attacker who can guess or otherwise learn a target session_id can reassign that session to themselves, read its conversation contents, and lock the legitimate owner out. No public exploit identified at time of analysis, and the issue is fixed in 0.6.51 per the upstream GHSA-q58p-v9r9-7gqj advisory.

Authentication Bypass Autogpt
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy