Auth bypass in Significant-gravitas Autogpt

CVE-2026-26020

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution (RCE) on the backen…

EPSS: 0.001 (29.3th percentile) — read the EPSS interpretation.

Affected products

Significant-gravitas Autogpt — versions < 0.6.48

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-4crw-9p35-9x54 (x_refsource_CONFIRM)
https://github.com/Significant-Gravitas/AutoGPT/commit/062fe1aa709217136b896c8b950e0f04435afb32 (x_refsource_MISC)
https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.48 (x_refsource_MISC)