PT-2026-41762 · Autogpt+1 · Autogpt+1
Published
2026-05-19
·
Updated
2026-05-19
·
CVE-2026-33233
CVSS v3.1
7.6
High
| Vector | AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AutoGPT versions 0.6.34 through 0.6.51
Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. The backend deserializes Redis cache bytes using the
pickle.loads() function without integrity or authenticity checks. While the write path uses pickle.dumps() to serialize values into Redis, the read path invokes pickle.loads() on bytes without HMAC signatures or strict schema validation. An attacker capable of poisoning a shared-cache key in Redis can achieve arbitrary command execution within the backend container context, impacting confidentiality, integrity, and availability.Recommendations
Update to version 0.6.52.
Exploit
Fix
RCE
Insufficient Verification of Data Authenticity
Deserialization of Untrusted Data
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Autogpt
Redis