CVE-2026-6612

TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization

CVSS 5.3 MEDIUMEPSS 0.3%CWE-285 CWE-639

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agent_execution_id can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

TransformerOptimus · SuperAGI

PoCs públicas encontradas — 1

cve_referencegist.github.com/YLChen-007/d033e9d4d23e0832b9ede71dc545ac9ano verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gist.github.com/YLChen-007/d033e9d4d23e0832b9ede71dc545ac9a https://vuldb.com/submit/791078 https://vuldb.com/vuln/358247 https://vuldb.com/vuln/358247/cti