PatchSiren

Significant-Gravitas CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Significant-Gravitas CVE published 2026-06-18

CVE-2026-55237

CVE-2026-55237 is a high-severity DOM-based Cross-Site Scripting (XSS) vulnerability in AutoGPT's signup page. Versions prior to 0.6.62 are affected. An attacker can craft a malicious link that, when opened by an authenticated user, performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential theft, internal network pivoting, and unauthor [truncated]

HIGH Significant-Gravitas CVE published 2026-06-18

CVE-2025-32392

CVE-2025-32392 is a high-severity vulnerability in AutoGPT, a workflow automation platform for creating and managing AI agents. The vulnerability exists in the LoopVideoBLock feature, which allows users to input a video file and process it without any resource allocation limits. A malicious attacker can exploit this by looping a video an unlimited number of times, generating an excessively large video fil [truncated]

MEDIUM Significant-Gravitas CVE published 2026-05-28

CVE-2026-45023

A missing authorization check in AutoGPT's block execution API allows authenticated users to bypass credit consumption controls. The POST /api/blocks/{block_id}/execute endpoint executes blocks without validating or deducting user credits, enabling unlimited free execution of all block types. The credit enforcement mechanism exists only in the graph execution path (manager.py) and is never invoked for dir [truncated]

HIGH Significant-Gravitas CVE published 2026-05-19

CVE-2026-33233

AutoGPT versions 0.6.34 through 0.6.51 use Python's pickle module for Redis cache serialization without integrity or authenticity verification. The backend serializes values with pickle.dumps and deserializes with pickle.loads without HMAC, signature, or strict schema validation. An attacker with the ability to poison a shared Redis cache key can achieve arbitrary code execution in the backend container conte [truncated]

HIGH Significant-Gravitas CVE published 2026-05-19

CVE-2026-33232

CVE-2026-33232 is an unauthenticated denial-of-service issue in AutoGPT Platform. The vulnerable download_agent_file endpoint creates temporary files for each request but does not delete them after serving them, allowing repeated requests to consume disk space until the backend becomes unavailable. The reported impact is server-wide service failure, including database or other component errors due to "No [truncated]

HIGH Significant-Gravitas CVE published 2026-05-18

CVE-2026-30950

CVE-2026-30950 is a HIGH-severity (CVSS 7.1) authenticated session-hijacking vulnerability in AutoGPT, a workflow-automation platform for AI agents. Versions 0.6.36–0.6.50 are affected. An authenticated attacker who knows (or guesses) another user's session_id can reassign that session to themselves via the PATCH /sessions/{session_id}/assign-user endpoint. The flaw stems from an insecure direc [truncated]

MEDIUM Significant-Gravitas CVE published 2026-05-13

CVE-2025-32425

CVE-2025-32425 is a medium-severity denial-of-service vulnerability in AutoGPT Platform, published 2026-05-13 and last modified 2026-05-26. The issue stems from unbounded container log growth in Docker deployments: execution output is captured to stdout/stderr and stored as container logs without size limits. Under high user access volume, logs can exhaust server disk resources, causing DoS. The vulnerabi [truncated]