CVE-2026-45023
AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute
Vexday Risk Score
13 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4 · EPSS 0.2% · KEV: no · PoC: — · Patch: —
Lifecycle
28 May 2026: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, the POST /api/blocks/{block_id}/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in the graph execution path (manager.py) is never reached when blocks are called directly via the external API, allowing unlimited free execution of all blocks. This vulnerability is fixed in 0.6.59.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected products
Significant-Gravitas · AutoGPT