CVE-2026-33232

7.5 HIGH

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents

Published: 2026-05-19 · Last updated: 2026-05-19

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400, CWE-459, CWE-770

Description

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption. The download_agent_file endpoint creates persistent temporary files for every request but fails to delete them after they are served. An unauthenticated attacker can repeatedly call this endpoint to exhaust the server's disk space, causing the database or other system services to fail due to "No space left on device" errors, rendering the entire AutoGPT Platform backend unavailable to all users. This issue has been patched in version 0.6.52.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-12325 — Denial-of-service in the Graphics: ImageLib component (6.5 MEDIUM)
CVE-2026-12319 — Denial-of-service in the Audio/Video: Playback component (6.5 MEDIUM)
CVE-2026-48854 — Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BE...
CVE-2026-48853 — Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unau...
CVE-2026-50889 — An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending ... (7.5 HIGH)