Remote Code Execution Vulnerability in AutoGPT by Significant Gravitas
CVE-2026-26020
9.4 CRITICAL
What is CVE-2026-26020?
AutoGPT, a platform for creating and managing artificial intelligence agents, has a vulnerability that allows authenticated users to achieve Remote Code Execution on the backend server. This occurs when a user embeds a disabled development tool, known as BlockInstallationBlock, into a graph. Although the block is marked as disabled, the graph validation does not sufficiently enforce this state, permitting any authenticated user to bypass the restrictions by utilizing the block as a node. This issue has been addressed in version 0.6.48.
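The validation gap described above, sketched as an added example that is not AutoGPT's own code: the class names, registry and block ids are hypothetical, and only the BlockInstallationBlock name comes from the advisory. It contrasts a validator that ignores the disabled flag with one that enforces it when the graph is validated and again when a node runs.

```python
from dataclasses import dataclass

# Hypothetical model for illustration; these are not AutoGPT's real classes.
@dataclass(frozen=True)
class BlockSpec:
    name: str
    disabled: bool = False

@dataclass(frozen=True)
class Node:
    id: str
    block_id: str

class GraphValidationError(ValueError):
    pass

# Constructed registry: block ids are made up; one block is flagged disabled.
REGISTRY = {
    "blk-text": BlockSpec("TextBlock"),
    "blk-install": BlockSpec("BlockInstallationBlock", disabled=True),
}

def validate_weak(nodes, registry=REGISTRY):
    """Flawed pattern: checks that each block exists, never its disabled flag."""
    for node in nodes:
        if node.block_id not in registry:
            raise GraphValidationError(f"node {node.id}: unknown block")
    return True

def validate_strict(nodes, registry=REGISTRY):
    """Hardened pattern: reject unknown and disabled blocks, report every node."""
    errors = []
    for node in nodes:
        spec = registry.get(node.block_id)
        if spec is None:
            errors.append(f"node {node.id}: unknown block")
        elif spec.disabled:
            errors.append(f"node {node.id}: block {spec.name} is disabled")
    if errors:
        raise GraphValidationError("; ".join(errors))
    return True

def execute_node(node, registry=REGISTRY):
    """Defense in depth: re-check at run time so stored graphs are covered too."""
    spec = registry.get(node.block_id)
    if spec is None or spec.disabled:
        raise GraphValidationError(f"node {node.id}: block not runnable")
    return f"ran {spec.name}"

# Constructed sample graph: the second node references the disabled block.
SAMPLE_GRAPH = [Node("n1", "blk-text"), Node("n2", "blk-install")]
```

The run-time check matters because graphs saved before a validation fix would otherwise still execute the disabled block.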
Affected Version(s)
AutoGPT < 0.6.48
