CNNVD-202601-4896 Information
CNNVD ID
CNNVD-202601-4896
Related CVE
- CNNVD Published: 2026-01-29
Description
AutoGPT is an open-source tool from AutoGPT, intended to make accessible AI available for everyone to use and build on. Versions of AutoGPT before autogpt-platform-beta-v0.6.44 contain a security vulnerability caused by a failure to check the disabled flag, which may allow an authenticated user to execute arbitrary Python code, resulting in remote code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
AutoGPT
Published
2026-01-29
Last Modified
2026-02-24
References
https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/external/v1/routes.py#L79-L93
https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/features/v1.py#L1408-L1424
https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/features/v1.py#L355-L395
https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/blocks/block.py#L15-L78
https://github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/data/block.py#L459
https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-r277-3xc5-c79v
Patch
https://github.com/Significant-Gravitas/AutoGPT/releases