CVE-2026-33232

HIGH 7.5

AutoGPT: Unauthenticated DoS via Disk Space Exhaustion

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption. The download_agent_file endpoint creates persistent temporary files for every request but fails to delete them after they are served. An unauthenticated attacker can repeatedly call this endpoint to exhaust the server's disk space, causing the database or other system services to fail due to "No space left on device" errors, rendering the entire AutoGPT Platform backend unavailable to all users. This issue has been patched in version 0.6.52.

CWE	CWE-459 CWE-400 CWE-770
Vendor	significant-gravitas
Product	autogpt
Published	May 19, 2026
Last Updated	May 19, 2026

Stay Ahead of the Next One

Get instant alerts for significant-gravitas autogpt

Be the first to know when new high vulnerabilities affecting significant-gravitas autogpt are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Significant-Gravitas / AutoGPT

>= 0.4.2, < 0.6.52

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-374w-2pxq-c9jp github.com: https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.52