PT-2026-33651 · Transformeroptimus · Superagi
Eric-Z · Published 2026-04-19 · Updated 2026-04-28
CVE-2026-6582
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
TransformerOptimus SuperAGI versions prior to 0.0.15
Description
A flaw in the Vector Database Management Endpoint allows remote attackers to bypass authentication. The issue exists within the get_vector_db_details() function located in the superagi/controllers/vector_dbs.py file.
Recommendations
Update to a version newer than 0.0.14.
As a temporary workaround, restrict access to the get_vector_db_details() function to minimize the risk of exploitation.
Exploit
Fix
Missing Authentication
Improper Authentication
Affected Products
Superagi