PT-2026-41761 · Autogpt · Autogpt

CVE-2026-33232

·

Published

2026-05-19

·

Updated

2026-05-19

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions AutoGPT versions 0.4.2 through 0.6.51
Description Unauthenticated Denial of Service (DoS) is possible due to uncontrolled disk space consumption. The 'download agent file' endpoint creates persistent temporary files for every request but does not delete them after they are served. An attacker can repeatedly call this endpoint to exhaust the server's disk space, leading to "No space left on device" errors that cause the database or other system services to fail, rendering the backend unavailable to all users.
Recommendations Update to version 0.6.52. Restrict access to the 'download agent file' endpoint as a temporary mitigation measure.

Exploit

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-33232
GHSA-374W-2PXQ-C9JP

Affected Products

Autogpt