
CVE-2026-24780: High Vulnerability in AGPT AutoGPT Platform

A high-severity vulnerability in AGPT's AutoGPT platform enables remote code execution through improperly handled block execution. Organizations must address this vulnerability promptly to mitigate risks associated with unauthorized code execution.

HIGH · CVSS 8.6 · Published January 29, 2026


CVE-2026-24780 is a high-severity vulnerability impacting the AGPT AutoGPT platform, which allows users to create and manage AI agents that automate complex workflows. Prior to the release of autogpt-platform-beta-v0.6.44, the platform's block execution endpoints permitted executing blocks by UUID without validating the `disabled` flag. This oversight allows any authenticated user to execute the disabled `BlockInstallationBlock`, which can write arbitrary Python code to the server's filesystem and execute it via `__import__()`, thereby achieving Remote Code Execution (RCE).

The implications of this vulnerability are significant, particularly in default self-hosted deployments where Supabase signup is enabled, as an attacker could self-register. If signup is disabled, an existing account is required to exploit this flaw. The potential for unauthorized code execution poses a critical risk to organizations utilizing the AutoGPT platform.

The vulnerability has a CVSS score of 8.6, classified as high severity due to its low attack complexity and high impact on confidentiality, integrity, and availability. As such, organizations should prioritize patching immediately.

AutoGPT version autogpt-platform-beta-v0.6.44 contains a fix for this vulnerability. Security teams are encouraged to assess their deployment configurations and apply the necessary updates to mitigate the associated risks.

Vulnerability Details

The vulnerability allows authenticated users to bypass security checks, leading to potential RCE. The CVE-2026-24780 vulnerability is classified under multiple CWEs, including CWE-94 (Code Injection), CWE-276 (Incorrect Default Permissions), and CWE-863 (Incorrect Authorization). The vulnerability's attack vector is network-based, and it requires low privileges, with no user interaction necessary.

Technical Analysis

The root cause of CVE-2026-24780 is that the block execution endpoints do not validate the `disabled` flag before running a block. The attack vector is network-based, so the vulnerability can be exploited remotely. The attack complexity is low, as it does not require sophisticated techniques. Privileges required are low, meaning that even users with minimal permissions can exploit the vulnerability. No user interaction is required to execute the attack.
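The missing check, sketched as an added example (this is not AutoGPT's code; the `Block` class, the registry, the block IDs and every function name are hypothetical). It places the unchecked lookup beside the hardened one and adds a regression audit that runs each execution entry point against every disabled block:

```python
from dataclasses import dataclass
from typing import Callable, Dict

@dataclass(frozen=True)
class Block:
    """Hypothetical stand-in for a platform block; not AutoGPT's class."""
    id: str
    name: str
    run: Callable[[dict], dict]
    disabled: bool = False

class BlockDisabledError(PermissionError):
    """Raised when a caller asks to execute a block marked disabled."""

def build_registry() -> Dict[str, Block]:
    # Constructed sample data: one ordinary block and one disabled block.
    echo = Block("00000000-0000-4000-8000-000000000001", "EchoBlock",
                 lambda d: {"out": d.get("text", "")})
    off = Block("00000000-0000-4000-8000-000000000002", "DisabledDemoBlock",
                lambda d: {"out": "ran"}, disabled=True)
    return {b.id: b for b in (echo, off)}

def execute_block_unchecked(registry, block_id, data):
    """Pattern the advisory describes: lookup by UUID, no `disabled` check."""
    block = registry[block_id]
    return block.run(data)

def execute_block_checked(registry, block_id, data):
    """Hardened form: refuse disabled blocks at the execution boundary."""
    block = registry[block_id]
    if block.disabled:
        raise BlockDisabledError(f"block {block.name} is disabled")
    return block.run(data)

def audit_executors(registry, executors):
    """Return the names of entry points that ran any disabled block."""
    leaky = []
    for name, fn in executors.items():
        for block in (b for b in registry.values() if b.disabled):
            try:
                fn(registry, block.id, {})
            except BlockDisabledError:
                continue
            leaky.append(name)
            break
    return leaky
```

Running `audit_executors` over every code path that can start a block keeps a later-added endpoint from reintroducing the gap.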

Risk & Impact Analysis

Risk to organizations includes unauthorized code execution, which could lead to data breaches, system compromise, or further exploitation of the infrastructure. The blast radius of this vulnerability is significant, as it could affect all users of the AutoGPT platform that fail to apply the patch. Given the CVSS score of 8.6 and the potential for exploitation, organizations should address this vulnerability in their priority patch cycle.

Exploitation Status

| Signal | Status |
| --- | --- |
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |

Affected Versions

The affected versions of the AGPT AutoGPT platform range from version 0.1.0 to versions prior to 0.6.44. Organizations that utilize versions within this range should take immediate action to update their installations.

Mitigation & Remediation

To remediate CVE-2026-24780, organizations should upgrade to at least version autogpt-platform-beta-v0.6.44, which contains the necessary fixes. If immediate upgrading is not feasible, organizations should consider implementing configuration hardening strategies and network controls to mitigate the risk of exploitation. For further guidance on securing applications, organizations can refer to the application security assessment, which provides detailed strategies for enhancing security posture.

Detection Guidance

Security teams should monitor for unusual activity related to block execution requests. Indicators of compromise may include unexpected changes to the server filesystem or attempts to execute arbitrary code. Implementing logging mechanisms to capture API request patterns can also aid in detecting potential exploitation attempts.
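One way to apply this to request logs, as an added example rather than AppSecure or AutoGPT tooling: it flags block execution requests that name a block the deployment marks disabled. The JSON log schema, the `block.execute` action name, the sample lines and the block IDs are all constructed assumptions; map them to whatever your API gateway or backend actually records.

```python
import json

# Constructed inventory: UUIDs of blocks this deployment marks disabled.
DISABLED_BLOCK_IDS = {"00000000-0000-4000-8000-0000000000aa"}

# Constructed sample log lines in a hypothetical JSON-lines schema.
SAMPLE_LOG = """\
{"ts":"2026-01-30T10:00:01Z","user":"u-17","action":"block.execute","block_id":"00000000-0000-4000-8000-000000000001","status":200}
{"ts":"2026-01-30T10:02:44Z","user":"u-93","action":"block.execute","block_id":"00000000-0000-4000-8000-0000000000AA","status":200}
{"ts":"2026-01-30T10:03:10Z","user":"u-93","action":"graph.list","status":200}
not-json garbage line
{"ts":"2026-01-30T10:05:12Z","user":"u-41","action":"block.execute","block_id":"00000000-0000-4000-8000-0000000000aa","status":403}
"""

def find_disabled_block_executions(log_text, disabled_ids):
    """Return one finding per execute request that names a disabled block."""
    disabled = {d.lower() for d in disabled_ids}  # UUID case varies by client
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if not isinstance(event, dict) or event.get("action") != "block.execute":
            continue
        block_id = str(event.get("block_id", "")).lower()
        if block_id not in disabled:
            continue
        status = event.get("status")
        succeeded = isinstance(status, int) and 200 <= status < 300
        findings.append({
            "line": lineno,
            "ts": event.get("ts"),
            "user": event.get("user"),
            "block_id": block_id,
            # A 2xx on a disabled block means the check was absent or bypassed.
            "severity": "executed" if succeeded else "attempted",
        })
    return findings
```

An `executed` finding warrants filesystem and process review on the host; an `attempted` finding after patching still identifies an account worth investigating.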

AppSecure Threat Intelligence Insight

CVE-2026-24780 highlights critical security considerations for organizations utilizing AI-driven platforms. As the landscape of application vulnerabilities continues to evolve, security teams must remain vigilant and proactive in identifying and mitigating risks. The presence of similar vulnerabilities underscores the importance of ongoing security assessments and the implementation of robust development practices. For insights into enhancing your security framework, explore our resources on security testing best practices and penetration testing methodology to fortify your defenses against emerging threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
