AutoGPT has a DoS vulnerability in LoopVideoBlock
Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBlock lets a user supply a video file and process it, for example looping it 5 times or extending its duration, and finally writes the result to disk. There is no limit on the resources that may be consumed during execution: the number of loops is user-controllable and unbounded. When an attacker requests a very large loop count, the generated video becomes correspondingly large, and once it is written to disk the disk space is exhausted, causing a denial of service. Version 0.6.63 patches the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- AutoGPT, affected range: < 0.6.63 (fixed in 0.6.63)
Patches
Vulnerability mechanics
Root cause
"Missing resource limit on the user-controllable `n_loops` parameter in LoopVideoBlock allows unbounded disk consumption."
Attack vector
An attacker supplies a prompt that invokes `LoopVideoBlock` with a very large `n_loops` value (e.g., 1,000,000) and a video URL. The block loops the video that many times and produces an output file large enough to exhaust disk space when it is written. Even if the agent later cleans up its temporary directory, a countdown step placed in the same workflow can postpone that cleanup arbitrarily (e.g., by one year), so the disk stays full and the denial of service persists. [ref_id=1]
Affected code
The vulnerable code is in AutoGPT's `LoopVideoBlock`, where the `n_loops` parameter is user-controllable and unbounded. The block applies a `Loop(n=input_data.n_loops)` effect and writes the resulting video to disk without any resource limit check. [ref_id=1]
What the fix does
The advisory states that version 0.6.63 patches the issue, but the patch diff is not included in the bundle. The fix presumably introduces a cap on the number of loops or on the output file size, so an attacker can no longer exhaust disk space through this block. Without the diff, the exact mechanism cannot be confirmed here. [ref_id=1]
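The shape of the missing check, as an added example written for this page rather than AutoGPT's own code (the project's real patch is not reproduced in the bundle): the loop count and the projected output size are bounded before anything is rendered, and the byte budget is enforced again while writing so a wrong estimate still cannot fill the disk or leave a partial file behind. All names (`SourceVideo`, `validate_loop_request`, `write_bounded`, `MAX_LOOPS`, `run_demo`) and the limits are hypothetical; `loop_frames` stands in for the `Loop(n=...)` effect and the sample "video" is constructed bytes.

```python
"""Bounded video looping: pre-render validation plus a hard write budget.

Added example, not AutoGPT code. Names and limits are hypothetical.
"""
import os
import shutil
import tempfile
from dataclasses import dataclass
from typing import Iterator, Optional

MAX_LOOPS = 10                        # hypothetical cap on the user-controlled loop count
MAX_OUTPUT_BYTES = 256 * 1024 * 1024  # hypothetical cap on the projected output file
DISK_HEADROOM_BYTES = 1024 ** 3       # hypothetical: never drop free space below 1 GiB


class ResourceLimitExceeded(ValueError):
    """Raised when a request would exceed a configured resource budget."""


@dataclass(frozen=True)
class SourceVideo:
    """Metadata probed from the fetched input video (constructed here)."""
    duration_s: float
    bitrate_bps: int


def projected_output_bytes(src: SourceVideo, n_loops: int) -> int:
    """Looping multiplies duration; at the source bitrate that is the output size."""
    return int(src.duration_s * n_loops * src.bitrate_bps / 8)


def validate_loop_request(src: SourceVideo, n_loops, free_bytes: int) -> int:
    """Reject the request before any frame is rendered; return the byte budget."""
    if isinstance(n_loops, bool) or not isinstance(n_loops, int):
        raise ResourceLimitExceeded("n_loops must be an integer")
    if not 1 <= n_loops <= MAX_LOOPS:
        raise ResourceLimitExceeded(f"n_loops={n_loops} outside 1..{MAX_LOOPS}")
    projected = projected_output_bytes(src, n_loops)
    if projected > MAX_OUTPUT_BYTES:
        raise ResourceLimitExceeded(f"projected {projected} B exceeds {MAX_OUTPUT_BYTES} B")
    if projected + DISK_HEADROOM_BYTES > free_bytes:
        raise ResourceLimitExceeded("not enough free disk space for this output")
    return projected


def loop_frames(source: bytes, n_loops: int, chunk: int = 64 * 1024) -> Iterator[bytes]:
    """Stand-in for the Loop(n=...) effect: stream the source n_loops times."""
    for _ in range(n_loops):
        for i in range(0, len(source), chunk):
            yield source[i:i + chunk]


def write_bounded(chunks: Iterator[bytes], path: str, byte_budget: int) -> int:
    """Write chunks to path; abort and delete the partial file past the budget."""
    tmp = path + ".part"
    written = 0
    try:
        with open(tmp, "wb") as f:
            for c in chunks:
                written += len(c)
                if written > byte_budget:
                    raise ResourceLimitExceeded(f"output exceeded budget of {byte_budget} B")
                f.write(c)
        os.replace(tmp, path)  # only a complete file becomes visible
    except BaseException:
        try:
            os.remove(tmp)
        except FileNotFoundError:
            pass
        raise
    return written


def loop_video_to_disk(source: bytes, src: SourceVideo, n_loops, out_path: str,
                       free_bytes: Optional[int] = None) -> int:
    """Validate, then render with the projected size enforced as a hard budget."""
    if free_bytes is None:
        free_bytes = shutil.disk_usage(os.path.dirname(out_path) or ".").free
    budget = validate_loop_request(src, n_loops, free_bytes)
    # the projection is an estimate: allow a small margin, never unbounded growth
    return write_bounded(loop_frames(source, n_loops), out_path, budget + budget // 10 + 4096)


def run_demo() -> dict:
    """Exercise the guards on a constructed 1000 B, 1 s, 8 kbit/s 'video'."""
    frames = b"\x00" * 1000
    src = SourceVideo(duration_s=1.0, bitrate_bps=8000)  # 1000 B per loop
    out = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "looped.mp4")
        out["written"] = loop_video_to_disk(frames, src, 3, path, free_bytes=10**12)
        try:
            loop_video_to_disk(frames, src, 1_000_000, path, free_bytes=10**12)
            out["huge_loop_rejected"] = False
        except ResourceLimitExceeded:
            out["huge_loop_rejected"] = True
        try:  # bypass the projection: the runtime budget still stops the write
            write_bounded(loop_frames(frames, 5), path + ".2", byte_budget=2500)
            out["partial_removed"] = False
        except ResourceLimitExceeded:
            out["partial_removed"] = not os.path.exists(path + ".2.part")
    return out


if __name__ == "__main__":
    print(run_demo())
```

The two-layer design matters because the pre-render projection depends on probed metadata (duration, bitrate) that an attacker-supplied file can misreport; the write-time budget is what actually stops the disk from filling, and writing to a `.part` file that is only renamed on success means a rejected request leaves nothing behind for a delayed cleanup to miss.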
Preconditions
- Input: the attacker must be able to submit a prompt to an AutoGPT agent that invokes the LoopVideoBlock
- Network: the LoopVideoBlock must have network access to fetch the attacker-supplied video URL
Generated on Jun 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-267x-8jx3-gg6w (x_refsource_CONFIRM)