PT-2026-6639 · Autogpt+1
Published 2026-02-05 · Updated 2026-02-17 · CVE-2025-32393
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
AutoGPT versions prior to 0.6.32
Description
AutoGPT is a platform for creating and managing AI agents that automate workflows. A denial-of-service condition exists in the ReadRSSFeedBlock component due to uncontrolled resource allocation during XML parsing with feedparser.parser. A malicious user can provide a specially crafted, deeply nested XML file via a URL, leading to excessive memory consumption and ultimately a denial-of-service. The vulnerable component calls feedparser.parser to obtain and parse XML files based on user-provided URLs. There is no limit on parsing time or resource allocation during this process.
Recommendations
Update to version 0.6.32 or later.
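Where untrusted feed URLs are parsed, the missing limit described above can be enforced before the document reaches the feed parser. The following Python is an added example, not AutoGPT's code or its 0.6.32 patch; `check_feed_limits`, `FeedRejected` and the limit values are assumptions, and it assumes the response body was already downloaded with a byte cap and a timeout.

```python
import xml.parsers.expat

# Assumed limits for illustration; tune to the feeds you actually consume.
MAX_FEED_BYTES = 5 * 1024 * 1024
MAX_DEPTH = 64
MAX_ELEMENTS = 200_000


class FeedRejected(ValueError):
    """Raised when a document exceeds a pre-parse resource limit."""


def check_feed_limits(data: bytes, max_bytes: int = MAX_FEED_BYTES,
                      max_depth: int = MAX_DEPTH,
                      max_elements: int = MAX_ELEMENTS) -> int:
    """Stream data through expat without building a tree.

    Returns the deepest nesting level seen, or raises FeedRejected."""
    if len(data) > max_bytes:
        raise FeedRejected(f"body is {len(data)} bytes, limit {max_bytes}")
    state = {"depth": 0, "deepest": 0, "elements": 0}

    def start(_name, _attrs):
        state["depth"] += 1
        state["elements"] += 1
        state["deepest"] = max(state["deepest"], state["depth"])
        if state["depth"] > max_depth:
            raise FeedRejected(f"nesting deeper than {max_depth}")
        if state["elements"] > max_elements:
            raise FeedRejected(f"more than {max_elements} elements")

    def end(_name):
        state["depth"] -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        # Feed in chunks so a handler can abort before the whole body is scanned.
        for i in range(0, len(data), 64 * 1024):
            parser.Parse(data[i:i + 64 * 1024], False)
        parser.Parse(b"", True)
    except xml.parsers.expat.ExpatError as exc:
        # Fail closed: a body that is not well-formed XML is not passed on.
        raise FeedRejected(f"not well-formed XML: {exc}") from exc
    return state["deepest"]


# Constructed samples: an ordinary feed and a document nested past MAX_DEPTH.
SAMPLE_FEED = b"<rss><channel><title>t</title><item><title>a</title></item></channel></rss>"
SAMPLE_NESTED = b"<a>" * 1000 + b"</a>" * 1000
```

Strict well-formedness checking also rejects sloppy real-world feeds that a lenient feed parser would accept; failing closed is the deliberate trade-off here.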
Exploit
Fix
DoS
Allocation of Resources Without Limits
Affected Products
Autogpt
Feedparser