AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents.
AutoGPT versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) due to uncontrolled disk space consumption. The `download_agent_file` endpoint creates persistent temporary files for every request but fails to delete them. An attacker can repeatedly call this endpoint to exhaust server disk space, causing system services to fail.
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption. The `download_agent_file` endpoint creates persistent temporary files for every request but fails to delete them after they are served. An unauthenticated attacker can repeatedly call this endpoint to exhaust the server's disk space, causing the database or other system services to fail due to "No space left on device" errors, rendering the entire AutoGPT Platform backend unavailable to all users. This issue has been patched in version 0.6.52.
All users of AutoGPT versions 0.4.2 through 0.6.51 are at high risk of unauthenticated Denial of Service, which can completely render the platform unusable due to disk space exhaustion.
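The failure mode described above, shown as a standard-library Python example that is added here for illustration and is not AutoGPT's code or its 0.6.52 patch. The function names, the `.json` suffix and the sample payload are assumptions; the example compares a handler that leaves one temporary file per request with one that unlinks the file once the response body has been streamed or the client disconnects.

```python
import os
import tempfile
from pathlib import Path
from typing import Callable, Iterator

# Hypothetical names; this illustrates the pattern only, not AutoGPT's handler.
CHUNK = 64 * 1024


def export_leaky(payload: bytes, tmp_dir: str) -> Iterator[bytes]:
    """Pattern from the advisory: one persistent temp file per request."""
    with tempfile.NamedTemporaryFile(dir=tmp_dir, suffix=".json", delete=False) as f:
        f.write(payload)
        path = f.name
    with open(path, "rb") as src:  # served, but never unlinked afterwards
        while chunk := src.read(CHUNK):
            yield chunk


def export_cleaned(payload: bytes, tmp_dir: str) -> Iterator[bytes]:
    """Hardened form: the file is removed when the response body is done."""
    with tempfile.NamedTemporaryFile(dir=tmp_dir, suffix=".json", delete=False) as f:
        f.write(payload)
        path = f.name
    try:
        with open(path, "rb") as src:
            while chunk := src.read(CHUNK):
                yield chunk
    finally:
        # Runs on normal completion, on a read error, and when the client
        # disconnects and the server closes the generator early.
        os.unlink(path)


def leftover_files(handler: Callable[[bytes, str], Iterator[bytes]], requests: int) -> int:
    """Serve `requests` downloads and count the temp files left on disk."""
    payload = b'{"name": "constructed sample agent"}'  # constructed sample data
    with tempfile.TemporaryDirectory() as tmp_dir:
        for _ in range(requests):
            body = b"".join(handler(payload, tmp_dir))
            assert body == payload
        return len(list(Path(tmp_dir).iterdir()))


if __name__ == "__main__":
    print("leaky handler, files left:  ", leftover_files(export_leaky, 100))
    print("cleaned handler, files left:", leftover_files(export_cleaned, 100))
```

On a deployment that cannot be upgraded immediately, the same count (files in the service's temporary directory over time) is a usable signal for disk-exhaustion monitoring.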
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H