VYPR
Unrated severity · NVD Advisory · Published Jun 18, 2026 · Updated Jun 18, 2026

AutoGPT has a DoS vulnerability in ScreenshotWebPageBlock

CVE-2025-32424

Description

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock stores the captured screenshots in a temporary directory. StepThroughItemsBlock can be used to iterate ScreenshotWebPageBlock multiple times, and StepThroughItemsBlock does not limit the number of loops. In addition, ScreenshotWebPageBlock does not limit the amount of disk space consumed in the current working directory. When a malicious user chooses to screenshot many web pages, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability mechanics

Root cause

"Missing iteration limit in StepThroughItemsBlock and missing disk-space limit in ScreenshotWebPageBlock allow unbounded screenshot storage."

Attack vector

An attacker provides a prompt that instructs the agent to take screenshots of many web pages (e.g., `baidu.com`, `github.com`, and more). `StepThroughItemsBlock` iterates over the list without limiting the number of loops [ref_id=1], and `ScreenshotWebPageBlock` writes each screenshot to disk without capping disk usage [ref_id=1]. By requesting a large number of screenshots, the attacker causes disk space exhaustion, leading to a denial of service. The agent's countdown timer can further delay cleanup, making the DoS persistent [ref_id=1].

What the fix does

The patch (version 0.6.63) is not shown in the bundle, but the advisory states that the issue is fixed in that release [ref_id=1]. The fix presumably introduces a limit on the number of iterations in `StepThroughItemsBlock` and/or a cap on disk space consumed by `ScreenshotWebPageBlock`, preventing an unbounded accumulation of screenshot files. Without the actual diff, the exact mechanism cannot be confirmed.
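One way to implement the two limits the fix is presumed to add, an iteration cap on the loop and a byte budget on the screenshot directory, as an added example that is not AutoGPT's code (the class and function names are hypothetical, and the budget values are chosen by the caller):

```python
# Added example, not AutoGPT's code; every name in it is hypothetical.
import os
import tempfile
from typing import Callable, Iterable, Iterator, Optional

class QuotaExceeded(RuntimeError):
    """Raised when the next step would exceed the loop or disk budget."""

def bounded_items(items: Iterable[str], max_iterations: int) -> Iterator[str]:
    # Yield at most max_iterations items, then fail loudly instead of looping on.
    for index, item in enumerate(items):
        if index >= max_iterations:
            raise QuotaExceeded(f"iteration limit of {max_iterations} reached")
        yield item

class ScreenshotStore:
    """Writes screenshots into its own temp directory under a total byte budget."""
    def __init__(self, max_total_bytes: int) -> None:
        self.max_total_bytes = max_total_bytes
        self.directory = tempfile.mkdtemp(prefix="shots-")
        self.used_bytes = 0

    def save(self, name: str, data: bytes) -> str:
        # Check the budget before writing so a rejected capture leaves no partial file.
        if self.used_bytes + len(data) > self.max_total_bytes:
            raise QuotaExceeded(f"disk budget of {self.max_total_bytes} bytes reached")
        path = os.path.join(self.directory, os.path.basename(name))
        with open(path, "wb") as fh:
            fh.write(data)
        self.used_bytes += len(data)
        return path

    def cleanup(self) -> int:
        # Delete every stored file and the directory; return how many files were removed.
        entries = os.listdir(self.directory)
        for entry in entries:
            os.remove(os.path.join(self.directory, entry))
        os.rmdir(self.directory)
        return len(entries)

def screenshot_pages(urls: Iterable[str], store: ScreenshotStore, max_iterations: int,
                     capture: Callable[[str], bytes]) -> tuple[list[str], Optional[str]]:
    # Run the capture loop under both limits and stop at the first one hit.
    saved: list[str] = []
    try:
        for url in bounded_items(urls, max_iterations):
            saved.append(store.save(f"{url}.png", capture(url)))
    except QuotaExceeded as exc:
        return saved, str(exc)  # report the reason instead of filling the disk
    return saved, None
```

The `capture` callable stands in for the real page capture; the loop reports which budget stopped it rather than continuing to write.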

Preconditions

  • input: The attacker must be able to submit a prompt to the AutoGPT agent that includes a list of URLs to screenshot.
  • network: The agent must have network access to fetch the target web pages.

Generated on Jun 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
