PT-2026-41761 · Autogpt · Autogpt
CVE-2026-33232
·
Published
2026-05-19
·
Updated
2026-05-19
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
AutoGPT versions 0.4.2 through 0.6.51
Description
Unauthenticated Denial of Service (DoS) is possible due to uncontrolled disk space consumption. The 'download agent file' endpoint creates persistent temporary files for every request but does not delete them after they are served. An attacker can repeatedly call this endpoint to exhaust the server's disk space, leading to "No space left on device" errors that cause the database or other system services to fail, rendering the backend unavailable to all users.
Recommendations
Update to version 0.6.52.
Restrict access to the 'download agent file' endpoint as a temporary mitigation measure.
Exploit
Fix
DoS
Resource Exhaustion
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Autogpt