What is CVE-2026-22038?

CVE-2026-22038 is a high-severity vulnerability in Significant-gravitas Autogpt, classified under Insertion of Sensitive Information into Log File. CVSS score: 8.1/10. Published 2026-02-04.

How severe is CVE-2026-22038?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2026-22038 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Significant-gravitas Autogpt

CVE-2026-22038

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks lo…

EPSS: 0.001 (29.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.

Affected products

Significant-gravitas Autogpt — versions < autogpt-platform-beta-v0.6.46

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

Public proof-of-concept exploits

sivaadityacoder/CVE-2026-22038

References

https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-rc89-6g7g-v5v7 (x_refsource_CONFIRM)
https://github.com/Significant-Gravitas/AutoGPT/commit/1eabc604842fa876c09d69af43d2d1e8fb9b8eb9 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-22038?: CVE-2026-22038 is a high-severity vulnerability in Significant-gravitas Autogpt, classified under Insertion of Sensitive Information into Log File. CVSS score: 8.1/10. Published 2026-02-04.
How severe is CVE-2026-22038?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2026-22038 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.