← volver
CVE-2025-41023

Authentication bypass in AutoGPT de Thesamur

CVSS 6.9 MEDIUMEPSS 0.4%CWE-287
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.9EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 feb 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Thesamur · AutoGPT