CVE-2026-45023
5.4 MEDIUM
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents
Published: 2026-05-28 · Last updated: 2026-05-29
Severity and scoring
- CVSS: 5.4 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
- CWE: CWE-770, CWE-841
Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, the POST /api/blocks/{block_id}/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in the graph execution path (manager.py) is never reached when blocks are called directly via the external API, allowing unlimited free execution of all blocks. This vulnerability is fixed in 0.6.59.
Source: NVD
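The gap described above, modeled as an added Python example: it is not AutoGPT's code and not the actual fix. It contrasts a direct-execution handler that skips metering with one that shares a single metered chokepoint with the graph path. Ledger, execute_metered, run_block, BLOCK_COSTS and the sample pricing are hypothetical names and values.

```python
# Added illustration: a simplified model, not AutoGPT's code. All names are hypothetical.
from dataclasses import dataclass, field


class InsufficientCredits(Exception):
    """The user's balance cannot cover the block's cost."""


@dataclass
class Ledger:
    balances: dict = field(default_factory=dict)

    def charge(self, user_id: str, cost: int) -> None:
        # Check and debit together so a caller cannot do one without the other.
        balance = self.balances.get(user_id, 0)
        if cost > balance:
            raise InsufficientCredits(f"{user_id}: need {cost}, have {balance}")
        self.balances[user_id] = balance - cost


BLOCK_COSTS = {"llm_call": 5, "http_fetch": 1}  # constructed sample pricing


def run_block(block_id: str, payload: dict) -> dict:
    # Stand-in for the real work a block performs.
    return {"block": block_id, "input": payload}


def execute_metered(ledger: Ledger, user_id: str, block_id: str, payload: dict) -> dict:
    # Single chokepoint: an unpriced block raises KeyError (fail closed),
    # and the debit happens before any work is done.
    ledger.charge(user_id, BLOCK_COSTS[block_id])
    return run_block(block_id, payload)


def graph_execute(ledger: Ledger, user_id: str, block_ids: list, payload: dict) -> list:
    # Graph path: every node goes through the metered chokepoint.
    return [execute_metered(ledger, user_id, b, payload) for b in block_ids]


def direct_execute_flawed(ledger: Ledger, user_id: str, block_id: str, payload: dict) -> dict:
    # Pattern from the description: the direct endpoint handler calls the block
    # itself, so the credit check on the graph path is never reached.
    return run_block(block_id, payload)


def direct_execute_fixed(ledger: Ledger, user_id: str, block_id: str, payload: dict) -> dict:
    # The direct endpoint handler reuses the same chokepoint as the graph path.
    return execute_metered(ledger, user_id, block_id, payload)
```

A regression test for this class of bug asserts on the balance after every entry point that can run a block, not only on the graph path.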
Related CVEs
Same CWE
- CVE-2026-24720 — An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6
- CVE-2026-46540 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (6.5 MEDIUM)
- CVE-2026-41726 — When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with uniqu... (6.5 MEDIUM)
- CVE-2026-41716 — Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhau... (7.5 HIGH)
- CVE-2026-28237 — Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of ...