Webhook Exposure in AutoGPT by Significant Gravitas
CVE-2026-56823

5.4 MEDIUM

Key Information:

CVE Published: 26 June 2026

What is CVE-2026-56823?

The AutoGPT platform's webhook integration contains an authorization flaw. The POST /api/integrations/webhooks/{webhook_id}/ping endpoint checks only that the caller is authenticated; it does not verify that the supplied webhook_id belongs to the authenticated user. Any authenticated user can therefore call the endpoint with another user's webhook_id to learn details of that webhook, such as the associated OAuth provider type, and to trigger unwanted ping deliveries on the other user's behalf. The result is exposure of other users' data and actions performed in their name.
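The following is an added illustration of the missing check, not AutoGPT's own code: a minimal in-memory model of the ping handler before and after the ownership check, with the store, field names, sample webhooks and the delivery stub all constructed for this example.

```python
# Constructed model of the ownership check the advisory describes as missing.
# Not AutoGPT's code: the store, field names and the dispatch stub are assumptions.
from dataclasses import dataclass


@dataclass
class Webhook:
    id: str
    user_id: str   # owner of the webhook
    provider: str  # OAuth provider type, the detail the advisory says is disclosed
    url: str


# Constructed sample data: two users, one webhook each.
WEBHOOKS = {
    "wh-1": Webhook("wh-1", "alice", "github", "https://example.invalid/alice"),
    "wh-2": Webhook("wh-2", "bob", "slack", "https://example.invalid/bob"),
}
DELIVERIES = []  # every ping actually dispatched (stand-in for the HTTP client)

NOT_FOUND = (404, {"detail": "webhook not found"})  # HTTPException(404) in FastAPI


def dispatch_ping(wh: Webhook) -> tuple:
    DELIVERIES.append((wh.user_id, wh.url))
    return 200, {"webhook_id": wh.id, "provider": wh.provider}


def ping_webhook_unchecked(webhook_id: str, current_user: str) -> tuple:
    """Pre-fix shape: authentication only, so any logged-in user reaches any
    webhook and triggers a delivery on its owner's behalf."""
    wh = WEBHOOKS.get(webhook_id)
    if wh is None:
        return NOT_FOUND
    return dispatch_ping(wh)


def ping_webhook_checked(webhook_id: str, current_user: str) -> tuple:
    """Fixed shape: the lookup is scoped to the caller. A webhook owned by
    someone else is answered exactly like a missing one (404, not 403), so the
    response does not confirm that the id exists."""
    wh = WEBHOOKS.get(webhook_id)
    if wh is None or wh.user_id != current_user:
        return NOT_FOUND
    return dispatch_ping(wh)
```

The checked handler scopes the lookup to the caller and answers foreign and missing ids identically, so neither the provider type nor the existence of the webhook leaks and no delivery is sent.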

Affected Version(s)

AutoGPT < 0.6.64

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
