CVE-2026-45023— AutoGP: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Significant-Gravitas | AutoGPT | < 0.6.59 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45023
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AutoGP: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute
Source: NVD (National Vulnerability Database)
Vulnerability Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/{block_id}/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in the graph execution path (manager.py) is never reached when blocks are called directly via the external API, allowing unlimited free execution of all blocks. This vulnerability is fixed in 0.6.59.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
不加限制或调节的资源分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
AutoGPT 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AutoGPT是AutoGPT开源的一个工具。用于让每个人都能使用和构建可访问的AI。 AutoGPT 0.6.59之前版本存在安全漏洞,该漏洞源于POST /api/blocks/{block_id}/execute端点执行块时未消耗积分,允许无限免费执行所有块。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Significant-Gravitas | AutoGPT | < 0.6.59 | - |
II. Public POCs for CVE-2026-45023
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45023
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-45023 (1)
IV. Related Vulnerabilities
Same product: AutoGPT
- CVE-2026-33234
AutoGPT: SendEmailBlock's IP blocklist bypass allows SSRF vi - CVE-2026-33233
AutoGPT Platform: Remote Code Execution via Unsafe Pickle De - CVE-2026-33232
AutoGPT: Unauthenticated DoS via Disk Space Exhaustion - CVE-2026-30950
AutoGPT has Authenticated Session Hijacking via IDOR - CVE-2025-32425
AutoGPT has missing Docker log rotation on platform containe
Same vendor: Significant-Gravitas
- CVE-2026-33234
AutoGPT: SendEmailBlock's IP blocklist bypass allows SSRF vi - CVE-2026-33233
AutoGPT Platform: Remote Code Execution via Unsafe Pickle De - CVE-2026-33232
AutoGPT: Unauthenticated DoS via Disk Space Exhaustion - CVE-2026-30950
AutoGPT has Authenticated Session Hijacking via IDOR - CVE-2025-32425
AutoGPT has missing Docker log rotation on platform containe
Same weakness: CWE-770
- CVE-2026-45292
opentelemetry-java: Unbounded Memory Allocation in W3C Bagga - CVE-2026-45078
Synapse CPU starvation (Denial of Service) - CVE-2026-48735
pypdf: Manipulated XMP metadata streams can exhaust RAM - CVE-2026-1402
Allocation of Resources Without Limits or Throttling in GitL - CVE-2026-6053
IBM® Db2® is vulnerable to a denial of service when a specia
V. Comments for CVE-2026-45023
No comments yet