Workflow Automation Vulnerability in AutoGPT by Significant Gravitas
CVE-2026-33234
5 MEDIUM
What is CVE-2026-33234?
The AutoGPT platform lets users specify an SMTP server and port, which can be abused for internal network scanning. The vulnerability arises because the SendEmailBlock component does not validate these user-supplied inputs. When an authenticated user provides them, the resulting connection bypasses AutoGPT's built-in security mechanisms, potentially exposing sensitive internal services. An attacker could use this flaw to gather information about internal network services, extracting TCP banners and other data during the connection process. The issue has been addressed in version 0.6.52.
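The missing check, sketched as an added example (this is not AutoGPT's code or its actual fix): validate a user-supplied SMTP host and port before any socket is opened, and connect only to the addresses that passed. The function name `validate_smtp_target`, the allowed-port set and the injectable `resolver` are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumption: only the usual SMTP relay/submission ports are acceptable.
ALLOWED_SMTP_PORTS = {25, 465, 587, 2525}


def _system_resolver(host, port):
    """Resolve host with the OS resolver and return the IP strings."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def validate_smtp_target(host, port, resolver=_system_resolver):
    """Return the vetted IPs for host, or raise ValueError.

    The caller should connect to a returned IP rather than re-resolving
    the hostname, so a second DNS answer cannot swap in an internal address.
    """
    if port not in ALLOWED_SMTP_PORTS:
        raise ValueError(f"port {port} is not an allowed SMTP port")
    try:
        addresses = resolver(host, port)
    except OSError as exc:
        raise ValueError(f"cannot resolve {host!r}") from exc
    if not addresses:
        raise ValueError(f"{host!r} has no addresses")
    vetted = []
    for raw in addresses:
        ip = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone id
        # Treat ::ffff:a.b.c.d as the IPv4 address it wraps.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        # Reject loopback, private, link-local, reserved and multicast space.
        # One bad record fails the whole host, not just that record.
        if not ip.is_global or ip.is_multicast:
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
        vetted.append(str(ip))
    return vetted


if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline.
    answers = {"mail.example.com": ["8.8.8.8"], "intranet.example": ["10.0.0.5"]}
    for name in answers:
        try:
            print(name, validate_smtp_target(name, 587, lambda h, p: answers[h]))
        except ValueError as err:
            print(name, "rejected:", err)
```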
Affected Version(s)
AutoGPT >= 0.1.0, < 0.6.52
