SSRF Vulnerability in AutoGPT Workflow Automation Platform
CVE-2026-56663

8.5 HIGH

Key Information:

Status
Vendor
CVE Published: 26 June 2026

What is CVE-2026-56663?

The AutoGPT platform, designed for managing AI workflows, contains a vulnerability that allows authenticated users to bypass important security mechanisms designed to protect internal network services. This issue arises from the failure to correctly handle IPv4-mapped IPv6 addresses during request validation, which may allow malicious requests to reach restricted internal endpoints. Moreover, certain special-use IP ranges were overlooked in the validation process. To maintain security, users are advised to upgrade to version 0.6.52 or later, which addresses this vulnerability.
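The validation gap described above, shown as an added example (this is not AutoGPT's code or its 0.6.52 patch): a check that compares the parsed address directly against blocked networks misses IPv4-mapped IPv6 forms, while unwrapping the mapped address first catches them. The blocklist contents, function names and sample addresses are assumptions made for this illustration.

```python
import ipaddress

# Special-use ranges picked for this example from the IANA special-purpose
# registries (assumption: not the list shipped in the AutoGPT fix).
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def naive_is_blocked(addr: str) -> bool:
    """Weak form: tests the address exactly as parsed."""
    ip = ipaddress.ip_address(addr)
    # An IPv6Address is never "in" an IPv4Network, so an IPv4-mapped
    # IPv6 literal matches none of the IPv4 entries above.
    return any(ip in net for net in BLOCKED)


def hardened_is_blocked(addr: str) -> bool:
    """Unwrap IPv4-mapped IPv6 before matching; fail closed on bad input."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # not an IP literal: refuse rather than guess
    mapped = getattr(ip, "ipv4_mapped", None)  # None for plain IPv4/IPv6
    if mapped is not None:
        ip = mapped  # judge the embedded IPv4 address instead
    return any(ip in net for net in BLOCKED)


def compare(addresses):
    """Return (address, naive verdict, hardened verdict) for each input."""
    return [(a, naive_is_blocked(a), hardened_is_blocked(a)) for a in addresses]


# Constructed sample addresses, as they would look after DNS resolution.
SAMPLES = ["127.0.0.1", "::ffff:127.0.0.1", "::ffff:10.0.0.5",
           "::ffff:100.64.0.1", "8.8.8.8", "::ffff:8.8.8.8"]

if __name__ == "__main__":
    for addr, naive, hardened in compare(SAMPLES):
        print(f"{addr:22} naive_blocked={naive!s:5} hardened_blocked={hardened}")
```

A check like this only helps when it is applied to the address the HTTP client actually connects to, after name resolution and on every redirect hop.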

Affected Version(s)

AutoGPT < 0.6.52

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
