CVE-2026-56663
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
In AutoGPT before version 0.6.52, an authenticated user can bypass SSRF protections and access internal network services. The _is_ip_blocked() function does not normalize IPv4-mapped IPv6 addresses or block special ranges like 100.64.0.0/10 (CGNAT).
Risk Assessment
An attacker could exploit this vulnerability to scan internal networks, access sensitive data, or launch further attacks against internal services.
Recommendation
Immediately update AutoGPT to version 0.6.52 or later, which contains the fix for this vulnerability.
Original NVD description (English source)
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.52, an authenticated user can bypass the SSRF / private-IP protections in SendWebRequestBlock and reach internal network services. _is_ip_blocked() in backend/backend/util/request.py does not normalize IPv4-mapped IPv6 addresses before checking resolved IPs against the blocked IPv4 ranges, and does not block special-use ranges such as 100.64.0.0/10 (CGNAT, RFC 6598). A hostname that resolves to an IPv4-mapped IPv6 address therefore passes validation and the request reaches the embedded internal IPv4 endpoint. This affects all AutoGPT Platform deployments. This vulnerability is fixed in 0.6.52.

