PT-2026-41762 · Autogpt+1 · Autogpt+1

Published

2026-05-19

·

Updated

2026-05-19

·

CVE-2026-33233

CVSS v3.1

7.6

High

VectorAV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions AutoGPT versions 0.6.34 through 0.6.51
Description AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. The backend deserializes Redis cache bytes using the pickle.loads() function without integrity or authenticity checks. While the write path uses pickle.dumps() to serialize values into Redis, the read path invokes pickle.loads() on bytes without HMAC signatures or strict schema validation. An attacker capable of poisoning a shared-cache key in Redis can achieve arbitrary command execution within the backend container context, impacting confidentiality, integrity, and availability.
Recommendations Update to version 0.6.52.

Exploit

Fix

RCE

Insufficient Verification of Data Authenticity

Deserialization of Untrusted Data

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-33233
GHSA-RFG2-37XQ-W4M9

Affected Products

Autogpt
Redis