PT-2026-6101 · Significant Gravitas · Autogpt

Sivaadityacoder · Published 2026-02-04 · Updated 2026-02-17 · CVE-2026-22038

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

AutoGPT versions prior to 0.6.46

Description

AutoGPT is a platform for creating and managing AI agents to automate workflows. The Stagehand integration improperly logs API keys and authentication secrets in plaintext using logger.info() statements. This occurs within the StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock implementations, where the code calls api_key.get_secret_value() and logs the returned value. The vulnerable code exposes sensitive information through logging mechanisms.

Recommendations

Update to version 0.6.46 or later.
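
The logging pattern described above, shown beside two safe alternatives and a redaction filter as defense in depth. This is an added example, not AutoGPT or Stagehand code: the Secret class is a minimal stand-in for a secret wrapper that exposes get_secret_value(), and the logger names, RedactSecrets, run_demo and the key value are constructed for illustration.

```python
import io
import logging


class Secret:
    """Minimal stand-in for a secret wrapper type (assumption, not AutoGPT code)."""

    def __init__(self, value: str):
        self._value = value

    def get_secret_value(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return "Secret('**********')"

    __str__ = __repr__


class RedactSecrets(logging.Filter):
    """Defense in depth: scrub registered secret values from every record."""

    def __init__(self, secrets):
        super().__init__()
        # Skip empty values: replacing "" would corrupt every message.
        self._values = [s.get_secret_value() for s in secrets if s.get_secret_value()]

    def filter(self, record: logging.LogRecord) -> bool:
        msg = record.getMessage()  # render %-style args before scrubbing
        for value in self._values:
            msg = msg.replace(value, "[REDACTED]")
        record.msg, record.args = msg, None
        return True


def run_demo(api_key: Secret, redact: bool) -> dict:
    """Log the same key three ways and return the captured lines by label."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    if redact:
        handler.addFilter(RedactSecrets([api_key]))
    log = logging.getLogger(f"stagehand_demo_{redact}")  # hypothetical logger name
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    log.info("api_key=%s", api_key.get_secret_value())  # pattern from the advisory
    log.info("api_key=%s", api_key)  # safe: wrapper prints masked
    log.info("api_key set: %s", bool(api_key.get_secret_value()))  # safe: presence only
    return dict(zip(("unwrapped", "wrapper", "presence"), stream.getvalue().splitlines()))


CONSTRUCTED_KEY = Secret("sk-test-CONSTRUCTED-0000")  # constructed sample, not a real key
```

The filter only covers handlers it is attached to, so it complements rather than replaces removing the unwrapped value from the log call.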

Exploit

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2026-22038
GHSA-RC89-6G7G-V5V7

Affected Products

Autogpt