PT-2026-41763 · Autogpt · Autogpt

Published

2026-05-19

·

Updated

2026-05-19

·

CVE-2026-33234

CVSS v3.1

5.0

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions AutoGPT versions 0.1.0 through 0.6.51
Description The SendEmailBlock in autogpt platform/backend/backend/blocks/email block.py allows an authenticated user to perform Server-Side Request Forgery (SSRF). The block accepts user-supplied smtp server and smtp port inputs and passes them to Python's smtplib.SMTP() to open a raw TCP connection without IP address validation. This bypasses the validate url host() function and BLOCKED IP NETWORKS blocklist used by other blocks to prevent connections to private, loopback, link-local, and cloud metadata addresses. An attacker can use this to conduct internal network port scanning and service fingerprinting, as the target's TCP banner is read upon connection and displayed in the user-visible block output via exception messages.
Recommendations Update to version 0.6.52.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-33234
GHSA-4JWJ-6MG5-WRWF

Affected Products

Autogpt