Unauthenticated Denial of Service Vulnerability in AutoGPT by Significant Gravitas
CVE-2026-33232

7.5 HIGH

Key Information:

Status
Vendor
CVE Published: 19 May 2026

What is CVE-2026-33232?

The AutoGPT platform, a workflow automation tool by Significant Gravitas, is susceptible to an unauthenticated Denial of Service (DoS) due to unregulated disk space usage. Affected versions from 0.4.2 to 0.6.51 allow an unauthenticated attacker to exploit the download_agent_file endpoint, which generates temporary files without proper cleanup. If exploited, attackers can fill the server's disk space, leading to failures in database and system services with 'No space left on device' errors. This disruption could make the entire AutoGPT platform backend unreachable for all users. Users are advised to upgrade to version 0.6.52 or later to mitigate this vulnerability.
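The failure mode described above, shown as an added example that is not AutoGPT's own code: a handler that writes one temporary file per request and never deletes it, beside a version that removes the file in a `finally` block. The function names, the `tmp_dir` parameter and the payload are hypothetical and constructed for illustration.

```python
import os
import tempfile


def export_agent_leaky(agent_json: bytes, tmp_dir: str) -> bytes:
    """Hypothetical handler: writes a temp file per request and never removes it."""
    fd, path = tempfile.mkstemp(suffix=".json", dir=tmp_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(agent_json)
    with open(path, "rb") as fh:
        return fh.read()  # the file at `path` stays on disk after the response


def export_agent_cleaned(agent_json: bytes, tmp_dir: str) -> bytes:
    """Hypothetical hardened handler: the temp file is removed on every code path."""
    fd, path = tempfile.mkstemp(suffix=".json", dir=tmp_dir)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(agent_json)
        with open(path, "rb") as fh:
            return fh.read()
    finally:
        os.unlink(path)  # runs on success and on any exception above


def leftover_bytes(tmp_dir: str) -> int:
    """Total size of regular files still present in tmp_dir."""
    return sum(e.stat().st_size for e in os.scandir(tmp_dir) if e.is_file())


def simulate(handler, requests: int, payload_size: int) -> int:
    """Call handler `requests` times in a scratch directory; return bytes left behind."""
    payload = b"x" * payload_size  # constructed sample payload
    with tempfile.TemporaryDirectory() as scratch:
        for _ in range(requests):
            handler(payload, scratch)
        return leftover_bytes(scratch)


if __name__ == "__main__":
    print("leaky handler leaves  :", simulate(export_agent_leaky, 20, 1024), "bytes")
    print("cleaned handler leaves:", simulate(export_agent_cleaned, 20, 1024), "bytes")
```

With the leaky handler, disk usage grows linearly with the number of requests served, which is why the absence of authentication on the endpoint matters for availability.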

Affected Version(s)

AutoGPT >= 0.4.2, < 0.6.52

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved