PT-2026-33653 · Superagi · Superagi

Eric-Z · Published 2026-04-19 · Updated 2026-04-20 · CVE-2026-6584

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions: TransformerOptimus SuperAGI versions prior to 0.0.15

Description: An authorization bypass exists in the User Update Endpoint, within the update_user() function of the superagi/controllers/user.py file. A remote attacker can manipulate the user_id argument to bypass authorization controls.

Recommendations: Update to a version later than 0.0.14. As a temporary workaround, restrict access to the user_id argument in the User Update Endpoint.
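The weakness class the description names, as an added illustration that is not SuperAGI's own code from superagi/controllers/user.py: a hypothetical user-update handler written in plain Python (no web framework), first in the shape the advisory describes, where the caller is authenticated but the user_id taken from the request path is never related to the session identity, and then with the ownership check that closes the IDOR. The in-memory store, the User fields, the exception classes, the admin rule and the field allow-list are all assumptions made for the example.

```python
"""Constructed example of an IDOR in a user-update handler and its fix.
Not SuperAGI's code; every name and rule here is assumed for illustration."""
from dataclasses import dataclass, replace
from typing import Dict


class Forbidden(Exception):
    """The authenticated caller may not act on the requested user record."""


class NotFound(Exception):
    """No user with the requested id exists."""


@dataclass
class User:
    id: int
    email: str
    name: str
    is_admin: bool = False


def make_store() -> Dict[int, User]:
    """Constructed in-memory user table standing in for the database session.
    A fresh copy per call keeps the two handlers below independent."""
    return {
        1: User(1, "alice@example.test", "Alice", is_admin=True),
        2: User(2, "bob@example.test", "Bob"),
        3: User(3, "carol@example.test", "Carol"),
    }


# Fields a caller may change through this endpoint. is_admin is deliberately
# absent so a request body cannot escalate privileges once authorization passes.
UPDATABLE_FIELDS = frozenset({"email", "name"})


def _apply_update(target: User, payload: dict) -> User:
    """Copy only allow-listed fields from the request body onto the record."""
    unknown = set(payload) - UPDATABLE_FIELDS
    if unknown:
        raise ValueError(f"fields not updatable: {sorted(unknown)}")
    return replace(target, **payload)


def update_user_vulnerable(store: Dict[int, User], user_id: int,
                           payload: dict, current_user_id: int) -> User:
    """'Before' shape matching the advisory: current_user_id comes from a valid
    session, so the caller is authenticated, but the handler never relates that
    identity to the user_id from the path. Any logged-in user can therefore
    rewrite any other user's record by supplying a different user_id."""
    target = store.get(user_id)
    if target is None:
        raise NotFound(user_id)
    store[user_id] = _apply_update(target, payload)
    return store[user_id]


def update_user_fixed(store: Dict[int, User], user_id: int,
                      payload: dict, current_user_id: int) -> User:
    """Hardened shape: the object reference from the request is bound to the
    authenticated principal before the target is even looked up. Admins may
    edit other accounts; everyone else may only edit their own."""
    caller = store.get(current_user_id)
    if caller is None:
        raise Forbidden("unknown principal")
    if user_id != current_user_id and not caller.is_admin:
        # Deny before the lookup so the response does not reveal whether the
        # other user_id exists.
        raise Forbidden(f"user {current_user_id} may not modify user {user_id}")
    target = store.get(user_id)
    if target is None:
        raise NotFound(user_id)
    store[user_id] = _apply_update(target, payload)
    return store[user_id]


def outcome(handler, user_id: int, payload: dict, current_user_id: int) -> str:
    """Run a handler against a fresh store and report the result as a label."""
    store = make_store()
    try:
        handler(store, user_id, payload, current_user_id)
    except Forbidden:
        return "forbidden"
    except NotFound:
        return "not-found"
    except ValueError:
        return "rejected-field"
    return "updated"


if __name__ == "__main__":
    # Bob (id 2) holds a valid session and submits an update for Carol (id 3).
    print("vulnerable, other user:", outcome(update_user_vulnerable, 3, {"name": "Changed"}, 2))
    print("fixed, other user:     ", outcome(update_user_fixed, 3, {"name": "Changed"}, 2))
    print("fixed, own record:     ", outcome(update_user_fixed, 2, {"name": "Robert"}, 2))
    print("fixed, admin on other: ", outcome(update_user_fixed, 3, {"name": "Caroline"}, 1))
```

The fixed handler is the code-level counterpart of the advisory's workaround: rather than trusting the caller-controlled user_id, it derives the permitted target from the session principal and only then touches the record. Keeping the field allow-list separate from the ownership check matters because the two guard different things: who may write, and what may be written.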

Exploit

Fix

Weakness Enumeration: IDOR, Improper Authorization

Related Identifiers: CVE-2026-6584

Affected Products: Superagi