PT-2025-31393 · Autogpt · Autogpt

Geckosecurity +2

Published: 2025-07-30 · Updated: 2025-08-25

CVE-2025-53944

CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.16

Description: AutoGPT is a platform for creating, deploying, and managing continuous artificial intelligence agents. The external API's "get graph execution results" endpoint has an authorization bypass. While the API correctly validates user access to the graph id parameter, it fails to verify ownership of the graph exec id parameter. This allows authenticated users to access any execution results by providing arbitrary execution IDs. The internal API implements proper validation for both parameters.

Recommendations: Update AutoGPT to version 0.6.16 or later.
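The authorization pattern the description names, shown as an added example that is not AutoGPT's code: an endpoint that validates the caller's access to the graph but then looks up the execution by id alone, beside a corrected version that scopes the execution lookup to both the caller and the already-validated graph. The data model, function names and the in-memory store are assumptions constructed for this illustration.

```python
"""Vulnerable vs. hardened authorization for a "get execution results" handler.

Constructed example of the IDOR class described in the advisory. Nothing here
is AutoGPT's actual code or data model; names are assumptions for illustration.
"""
from dataclasses import dataclass


class NotFound(Exception):
    """Raised when the requested row does not exist (or is not visible to the caller)."""


class Forbidden(Exception):
    """Raised when the caller is authenticated but not allowed to read the graph."""


@dataclass(frozen=True)
class Graph:
    graph_id: str
    owner_id: str


@dataclass(frozen=True)
class GraphExecution:
    exec_id: str
    graph_id: str
    owner_id: str
    results: dict


# Constructed sample store: two users, each owning one graph and one execution.
GRAPHS = {
    "graph-alice": Graph("graph-alice", owner_id="alice"),
    "graph-bob": Graph("graph-bob", owner_id="bob"),
}
EXECUTIONS = {
    "exec-alice-1": GraphExecution("exec-alice-1", "graph-alice", "alice", {"output": "alice's data"}),
    "exec-bob-1": GraphExecution("exec-bob-1", "graph-bob", "bob", {"output": "bob's secret"}),
}


def _require_graph_access(user_id: str, graph_id: str) -> Graph:
    """The check both handlers share: the caller must own the requested graph."""
    graph = GRAPHS.get(graph_id)
    if graph is None:
        raise NotFound(graph_id)
    if graph.owner_id != user_id:
        raise Forbidden(graph_id)
    return graph


def get_execution_results_vulnerable(user_id: str, graph_id: str, exec_id: str) -> dict:
    """Validates graph_id, then trusts exec_id without any ownership check (the bug)."""
    _require_graph_access(user_id, graph_id)
    execution = EXECUTIONS.get(exec_id)
    if execution is None:
        raise NotFound(exec_id)
    # Missing: nothing ties `execution` back to `user_id` or to the validated `graph_id`.
    return execution.results


def get_execution_results_fixed(user_id: str, graph_id: str, exec_id: str) -> dict:
    """Same handler with the execution lookup scoped to the caller and the graph."""
    _require_graph_access(user_id, graph_id)
    execution = EXECUTIONS.get(exec_id)
    # Treat "exists but belongs to someone else / another graph" exactly like
    # "does not exist", so the response code does not reveal valid foreign ids.
    if (
        execution is None
        or execution.owner_id != user_id
        or execution.graph_id != graph_id
    ):
        raise NotFound(exec_id)
    return execution.results


def cross_tenant_read_possible(handler, user_id: str, own_graph_id: str, foreign_exec_id: str) -> bool:
    """Regression-style check: can `user_id` read an execution they do not own?"""
    try:
        handler(user_id, own_graph_id, foreign_exec_id)
        return True
    except (NotFound, Forbidden):
        return False


if __name__ == "__main__":
    print("vulnerable leaks bob's execution to alice:",
          cross_tenant_read_possible(get_execution_results_vulnerable, "alice", "graph-alice", "exec-bob-1"))
    print("fixed leaks bob's execution to alice:",
          cross_tenant_read_possible(get_execution_results_fixed, "alice", "graph-alice", "exec-bob-1"))
```

The `cross_tenant_read_possible` helper is the shape of test worth keeping in a suite for every endpoint that takes more than one resource id: for each id parameter, assert that a valid id belonging to another tenant is rejected, not just that a missing id is.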

Exploit · Fix

Improper Authorization · IDOR

Weakness Enumeration

Related Identifiers: CVE-2025-53944, GHSA-X77J-QG2X-FGG6

Affected Products: Autogpt