CVE Catalog

CVE-2026-33235

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

AutoGPT, a workflow automation platform, has a Denial of Service (DoS) vulnerability in versions prior to 0.6.52. The Fill Text Template block does not limit the computational complexity or execution time of expressions, allowing an attacker to input computationally expensive Python/Jinja2 expressions, leading to system hang or crash.

Risk Assessment

For organizations, this poses a risk of complete service outage and 'noisy neighbor' issues in multi-tenant environments, requiring manual administrative intervention to restore system functionality.

Recommendation

It is recommended to upgrade to version 0.6.52 or later to mitigate this vulnerability and to implement additional constraints on computational complexity within the application.

Original NVD description (English source)

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service (DoS) attack. While the backend implements a SandboxedEnvironment to prevent unauthorized attribute access (e.g., blocking __class__), it fails to limit the computational complexity or execution time of the expressions. An attacker can input computationally expensive Python/Jinja2 expressions that consume the server's CPU and memory, leading to a complete system hang or crash. In multi-tenant or self-hosted environments, this results in a complete service outage and "noisy neighbor" effects that require manual administrative intervention to recover. This issue has been fixed in version 0.6.52.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS