CVE-2026-6612

MEDIUM 6.3

TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agent_execution_id can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-639 CWE-285
Vendor	transformeroptimus
Product	superagi
Published	Apr 20, 2026

Stay Ahead of the Next One

Get instant alerts for transformeroptimus superagi

Be the first to know when new medium vulnerabilities affecting transformeroptimus superagi are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

TransformerOptimus / SuperAGI

0.0.1 0.0.2 0.0.3 0.0.4 0.0.5 0.0.6 0.0.7 0.0.8 0.0.9 0.0.10 0.0.11 0.0.12 0.0.13 0.0.14

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/358247 vuldb.com: https://vuldb.com/vuln/358247/cti vuldb.com: https://vuldb.com/submit/791078 gist.github.com: https://gist.github.com/YLChen-007/d033e9d4d23e0832b9ede71dc545ac9a

Credits

🔍 Eric-z (VulDB User) VulDB CNA Team