CVE-2026-26006

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.32

Description AutoGPT is a platform for creating, deploying, and managing continuous artificial intelligence agents that automate complex workflows. Versions of AutoGPT before 0.6.32 contain a Regular Expression Denial of Service issue due to the use of regular expressions in the Code Extraction Block. Specifically, the regular expressions s+[sS]*? and s+(.*?) are vulnerable. These expressions contain adjacent quantifiers that can match the same space character (s), allowing an attacker to provide a long sequence of space characters to trigger excessive regex backtracking, potentially leading to a Denial of Service (DoS).

Recommendations Update to version 0.6.32 or later.