CNNVD-202602-765 Information

CNNVD ID

CNNVD-202602-765

Related CVE

CVE-2025-62615

• CNNVD Published: 2026-02-04

Description (Chinese)

AutoGPT是AutoGPT开源的一个工具。用于让每个人都能使用和构建可访问的AI。 AutoGPT autogpt-platform-beta-v0.6.34之前版本存在代码问题漏洞，该漏洞源于RSSFeedBlock中直接使用第三方库urllib.request.urlopen访问URL但未过滤输入URL，可能导致服务端请求伪造。

Description (English)

AutoGPT is a tool to open AutoGPT. Use this to make it possible for everyone to use and build accessable AI. The pre-AutoGPT autogpt-platform-beta-v0.6.34 version has a code problem loophole, which stems from the direct use of the third-party library urllib.request.urlopen access to the URL without filtering it into the URL, which may result in the falsification of service requests.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

AutoGPT

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-r55v-q5pc-j57f

Patch

https://github.com/Significant-Gravitas/AutoGPT/releases