PT-2026-41763 · Autogpt · Autogpt
Published
2026-05-19
·
Updated
2026-05-19
·
CVE-2026-33234
CVSS v3.1
5.0
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AutoGPT versions 0.1.0 through 0.6.51
Description
The
SendEmailBlock in autogpt platform/backend/backend/blocks/email block.py allows an authenticated user to perform Server-Side Request Forgery (SSRF). The block accepts user-supplied smtp server and smtp port inputs and passes them to Python's smtplib.SMTP() to open a raw TCP connection without IP address validation. This bypasses the validate url host() function and BLOCKED IP NETWORKS blocklist used by other blocks to prevent connections to private, loopback, link-local, and cloud metadata addresses. An attacker can use this to conduct internal network port scanning and service fingerprinting, as the target's TCP banner is read upon connection and displayed in the user-visible block output via exception messages.Recommendations
Update to version 0.6.52.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Autogpt