CVE-2026-24780: AutoGPT is Vulnerable to RCE via Disabled Block Execution
(updated )
AutoGPT Platform’s block execution endpoints (both main web API and external API) allow executing blocks by UUID without checking the disabled flag. Any authenticated user can execute the disabled BlockInstallationBlock, which writes arbitrary Python code to the server filesystem and executes it via __import__(), achieving Remote Code Execution. In default self-hosted deployments where Supabase signup is enabled, an attacker can self-register; if signup is disabled (e.g., hosted), the attacker needs an existing account.
References
- github.com/Significant-Gravitas/AutoGPT
- github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/external/v1/routes.py
- github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/features/v1.py
- github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/api/features/v1.py
- github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/blocks/block.py
- github.com/Significant-Gravitas/AutoGPT/blob/master/autogpt_platform/backend/backend/data/block.py
- github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-r277-3xc5-c79v
- github.com/advisories/GHSA-r277-3xc5-c79v
- nvd.nist.gov/vuln/detail/CVE-2026-24780
Code Behaviors & Features
Detect and mitigate CVE-2026-24780 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →