PT-2026-5312 · Significant Gravitas · Autogpt

Rahulgovind · Published 2026-01-29 · Updated 2026-02-27 · CVE-2026-24780

CVSS v4.0: 9.4 (Critical)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.44

Description: AutoGPT Platform's block execution endpoints, both the main web API and the external API, allow execution of blocks by UUID without verifying the block's disabled flag. Any authenticated user can therefore execute the disabled BlockInstallationBlock, which writes attacker-provided Python code to the server filesystem and executes it via __import__(), resulting in Remote Code Execution (RCE). In default self-hosted deployments where Supabase signup is enabled, an attacker can self-register; if signup is disabled (e.g., hosted deployments), the attacker requires an existing account. The vulnerable BlockInstallationBlock uses a hardcoded UUID. The main web API endpoint is located at /blocks/{block_id}/execute and requires a logged-in user. The external API endpoint is located at /external-api/v1/blocks/{block_id}/execute and requires an API key with the EXECUTE_BLOCK permission, which any user can create via the main API.

Recommendations: Update to AutoGPT version 0.6.44 or later.
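One way to close this class of bug, as an added example that is not AutoGPT's own code: route both execution endpoints through a single function that refuses disabled (and unknown) blocks before anything runs, so neither the web API nor the external API can skip the check. The block UUIDs, the EXECUTE_BLOCK permission string, the Caller type and the audit list are constructed for illustration.

```python
import uuid
from dataclasses import dataclass
from typing import Any, Callable
class BlockExecutionDenied(Exception): pass  # refused: unknown, disabled, or no permission

@dataclass(frozen=True)
class Block:
    id: uuid.UUID
    run: Callable[[dict], Any]
    disabled: bool = False  # a disabled block must never execute, whoever asks

@dataclass(frozen=True)
class Caller:
    user_id: str
    permissions: frozenset = frozenset()  # e.g. {"EXECUTE_BLOCK"} on an API key

# Constructed registry; the UUIDs are placeholders, not AutoGPT's real block ids.
ECHO_ID = uuid.UUID("00000000-0000-4000-8000-000000000001")
INSTALL_ID = uuid.UUID("00000000-0000-4000-8000-000000000002")
REGISTRY = {
    ECHO_ID: Block(ECHO_ID, lambda inp: {"echo": inp.get("text", "")}),
    # Stand-in for a block that writes and imports code: registered but disabled.
    INSTALL_ID: Block(INSTALL_ID, lambda inp: {"installed": True}, disabled=True),
}
AUDIT: list = []  # (user_id, block_id) for every block that actually ran

def execute_block(block_id: uuid.UUID, caller: Caller, inp: dict) -> Any:
    """Single enforcement point: every entry path must go through here."""
    block = REGISTRY.get(block_id)
    # Unknown and disabled blocks get the same refusal; a hardcoded UUID buys nothing.
    if block is None or block.disabled:
        raise BlockExecutionDenied(f"block {block_id} is not available for execution")
    AUDIT.append((caller.user_id, str(block_id)))
    return block.run(inp)

def web_api_execute(block_id: str, session_user: str, inp: dict) -> Any:
    """Main web API path: logged-in user, then the shared check."""
    return execute_block(uuid.UUID(block_id), Caller(session_user), inp)

def external_api_execute(block_id: str, api_key: Caller, inp: dict) -> Any:
    """External API path: key needs EXECUTE_BLOCK, then the same shared check."""
    if "EXECUTE_BLOCK" not in api_key.permissions:
        raise BlockExecutionDenied("API key lacks EXECUTE_BLOCK")
    return execute_block(uuid.UUID(block_id), api_key, inp)

def try_execute(entry: Callable, *args) -> tuple:  # (ran?, result or refusal reason)
    try:
        return True, entry(*args)
    except BlockExecutionDenied as exc:
        return False, str(exc)
```

The AUDIT list stands in for the server-side log a defender would want: every successful block execution recorded with the caller, so an execution of a block that should be disabled is visible rather than silent.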

Weakness Enumeration: RCE, Code Injection, Incorrect Default Permissions, Incorrect Authorization

Related Identifiers: CVE-2026-24780, GHSA-R277-3XC5-C79V

Affected Products: Autogpt