PT-2026-41739 · Autogpt · Autogpt

Published: 2026-05-18 · Updated: 2026-05-21 · CVE-2026-30950

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions: AutoGPT versions 0.6.36 through 0.6.50

Description: AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. The software is subject to Authenticated Session Hijacking via Insecure Direct Object Reference (IDOR), a flaw where an application provides direct access to objects based on user-supplied input. An authenticated attacker who determines the session id of another user can take over that session, read all messages, and lock the legitimate user out. This occurs because the 'PATCH /sessions/{session id}/assign-user' endpoint authenticates the caller but fails to verify session ownership. The service layer invokes the session lookup with user id set to None, which the data access layer interprets as a privileged system call, bypassing the ownership filter and allowing any authenticated user to reassign an arbitrary session to themselves.

Recommendations: Update to version 0.6.51.
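The following is an added, simplified model of the pattern the description names (a data access layer that treats a user id of None as a system call and skips its ownership filter, and a service layer that passes None from an authenticated endpoint). It is illustrative code written for this page, not AutoGPT's own implementation; every class, function and sample value in it (SessionRepository, assign_user_vulnerable, assign_user_fixed, the "sess-alice-1" session) is hypothetical. It shows the vulnerable handler beside the hardened one, where the lookup is scoped to the authenticated caller so a session the caller does not own is simply not found.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample model of the advisory's pattern; names are hypothetical
# and do not correspond to AutoGPT's real modules or schema.


@dataclass
class Session:
    session_id: str
    owner_id: str
    messages: List[str] = field(default_factory=list)


class SessionNotFound(Exception):
    """Raised both for 'no such session' and 'not the caller's session', so the
    endpoint cannot be used as an oracle for whether a session id exists."""


class SessionRepository:
    """Data access layer. By convention user_id=None means a privileged system
    lookup with no ownership filter; that convention is what the bug relies on."""

    def __init__(self) -> None:
        self._rows: Dict[str, Session] = {}

    def add(self, session: Session) -> None:
        self._rows[session.session_id] = session

    def get_session(self, session_id: str, user_id: Optional[str]) -> Session:
        row = self._rows.get(session_id)
        if row is None:
            raise SessionNotFound(session_id)
        # Ownership filter is applied only when a user id is supplied.
        if user_id is not None and row.owner_id != user_id:
            raise SessionNotFound(session_id)
        return row


def assign_user_vulnerable(repo: SessionRepository, session_id: str, caller_id: str) -> Session:
    """Before the fix: the caller is authenticated, but the service layer looks the
    session up as the system (user_id=None), so any session id the caller supplies
    passes the lookup and is reassigned to the caller."""
    session = repo.get_session(session_id, user_id=None)
    session.owner_id = caller_id
    return session


def assign_user_fixed(repo: SessionRepository, session_id: str, caller_id: str) -> Session:
    """After the fix: the lookup is scoped to the authenticated caller, so only a
    session the caller already owns can be returned and reassigned."""
    session = repo.get_session(session_id, user_id=caller_id)
    session.owner_id = caller_id
    return session


def build_repo() -> SessionRepository:
    """Fresh constructed repository with one session owned by 'alice'."""
    repo = SessionRepository()
    repo.add(Session("sess-alice-1", owner_id="alice", messages=["hello from alice"]))
    return repo


Handler = Callable[[SessionRepository, str, str], Session]


def attempt(handler: Handler, session_id: str, caller_id: str) -> Tuple[str, Optional[str], int]:
    """Run a handler against a fresh repository and report the outcome as
    (status, resulting owner, number of messages now visible to the caller)."""
    repo = build_repo()
    try:
        session = handler(repo, session_id, caller_id)
    except SessionNotFound:
        return ("denied", None, 0)
    return ("ok", session.owner_id, len(session.messages))


if __name__ == "__main__":
    print("vulnerable, non-owner 'bob':", attempt(assign_user_vulnerable, "sess-alice-1", "bob"))
    print("fixed, non-owner 'bob':     ", attempt(assign_user_fixed, "sess-alice-1", "bob"))
    print("fixed, owner 'alice':       ", attempt(assign_user_fixed, "sess-alice-1", "alice"))
```

The hardened handler deliberately reuses the same not-found path for "does not exist" and "not yours"; returning a distinct forbidden result would confirm to a caller that a guessed session id is real. The broader lesson from the advisory is that a None-means-system convention in a data layer is a footgun: every service-layer call that reaches it from a user-facing endpoint must pass the caller's id, and a code review or a type check that forbids Optional user ids on request paths catches the omission before it ships.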

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2026-30950

Affected Products: Autogpt