CNNVD-202602-2072 Information

CNNVD ID

CNNVD-202602-2072

Related CVE

CVE-2026-26020

• CNNVD Published: 2026-02-12

Description (Chinese)

AutoGPT是AutoGPT开源的一个工具。用于让每个人都能使用和构建可访问的AI。 AutoGPT 0.6.48之前版本存在授权问题漏洞，该漏洞源于图形验证未强制执行禁用标志，允许经过身份验证的用户绕过限制，可能导致远程代码执行。

Description (English)

AutoGPT is a tool to open AutoGPT. Use this to make it possible for everyone to use and build accessable AI. The previous version of AutoGPT 0.6.48 had a mandate gap, which stemmed from the fact that the graphic authentication did not enforce the defunct marking and allowed the user with the authentication to circumvent the limit, which could lead to remote code execution.

Vulnerability Type

授权问题

Affected Vendor

AutoGPT

Published

2026-02-12

Last Modified

2026-02-24

References

https://github.com/Significant-Gravitas/AutoGPT/commit/062fe1aa709217136b896c8b950e0f04435afb32 https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.48 https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-4crw-9p35-9x54

Patch

https://github.com/Significant-Gravitas/AutoGPT/releases