Regular Expression Vulnerability in AutoGPT Platform by Significant Gravitas
CVE-2026-26006

6.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 10 February 2026

What is CVE-2026-26006?

The AutoGPT platform, a tool for creating and managing AI-driven workflows, has a regular expression Denial of Service vulnerability in its Code Extraction Block prior to version 0.6.32. The regex patterns used by the block contain adjacent quantifiers, which can cause excessive backtracking when processing long sequences of space characters. An attacker can exploit this flaw by submitting a carefully crafted sequence, overwhelming the application and causing it to become unresponsive. The vulnerability is fixed in version 0.6.32.
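
The backtracking described above, as an added example that is not AutoGPT's code: the patterns, function names and sample inputs are constructed for illustration and assume a fenced-block extractor of the shape `\s+(.*?)`. It sets a pattern with adjacent space-matching quantifiers beside a hardened equivalent, checks that both extract the same code, and times the failing case.

```python
import re
import time

# Constructed patterns, NOT AutoGPT's source: they reproduce the bug class
# the advisory describes (two adjacent quantifiers that both accept spaces).
FENCE = "`" * 3
VULNERABLE = re.compile(FENCE + r"python\s+(.*?)" + FENCE, re.DOTALL)
# (?!\s) pins \s+ to the whole whitespace run, so a failed match cannot be
# retried with every shorter split between \s+ and .*?
HARDENED = re.compile(FENCE + r"python\s+(?!\s)(.*?)" + FENCE, re.DOTALL)

# Constructed samples used to confirm both patterns extract the same code.
SAMPLES = [
    "intro\n" + FENCE + "python\nprint('hi')\n" + FENCE,
    FENCE + "python   \n\n  x = 1\n" + FENCE,
    FENCE + "python\n" + FENCE + "`",
    FENCE + "python" + " " * 50,  # opening fence that is never closed
]


def extract(pattern, text):
    """Return the body of every fenced python block found in text."""
    return pattern.findall(text)


def worst_case_seconds(pattern, n_spaces):
    """Time one failed search over an unclosed fence followed by spaces."""
    text = FENCE + "python" + " " * n_spaces  # constructed input
    start = time.perf_counter()
    found = pattern.search(text)
    elapsed = time.perf_counter() - start
    assert found is None
    return elapsed


def same_results():
    """True when the hardened pattern is a drop-in replacement on SAMPLES."""
    return all(extract(VULNERABLE, s) == extract(HARDENED, s) for s in SAMPLES)


if __name__ == "__main__":
    for n in (1000, 2000, 4000):  # doubling n roughly quadruples the first time
        print(n, worst_case_seconds(VULNERABLE, n), worst_case_seconds(HARDENED, n))
```

A timing check like `worst_case_seconds` can run in CI as a regression test for any pattern that parses user-supplied text.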

Affected Version(s)

AutoGPT >= 0.4.0, < 0.6.32

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
