CVE-2026-33235
HighCVSS 7.7Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
AutoGPT, a workflow automation platform, has a Denial of Service (DoS) vulnerability in versions prior to 0.6.52. The Fill Text Template block does not limit the computational complexity or execution time of expressions, allowing an attacker to input computationally expensive Python/Jinja2 expressions, leading to system hang or crash.
Risk Assessment
For organizations, this poses a risk of complete service outage and 'noisy neighbor' issues in multi-tenant environments, requiring manual administrative intervention to restore system functionality.
Recommendation
It is recommended to upgrade to version 0.6.52 or later to mitigate this vulnerability and to implement additional constraints on computational complexity within the application.
Original NVD description (English source)
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service (DoS) attack. While the backend implements a SandboxedEnvironment to prevent unauthorized attribute access (e.g., blocking __class__), it fails to limit the computational complexity or execution time of the expressions. An attacker can input computationally expensive Python/Jinja2 expressions that consume the server's CPU and memory, leading to a complete system hang or crash. In multi-tenant or self-hosted environments, this results in a complete service outage and "noisy neighbor" effects that require manual administrative intervention to recover. This issue has been fixed in version 0.6.52.

