CVE-2026-33232
Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption. The download_agent_file endpoint creates persistent temporary files for every request but fails to delete them after they are served. An unauthenticated attacker can repeatedly call this endpoint to exhaust the server's disk space, causing the database or other system services to fail due to "No space left on device" errors, rendering the entire AutoGPT Platform backend unavailable to all users. This issue has been patched in version 0.6.52.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
AutoGPT versions 0.4.2 to 0.6.51 are vulnerable to unauthenticated denial of service via disk space exhaustion through the download_agent_file endpoint, fixed in 0.6.52.
Vulnerability
The vulnerability resides in the download_agent_file endpoint in autogpt_platform/backend/backend/api/features/store/routes.py. The function uses tempfile.NamedTemporaryFile with delete=False, creating persistent temporary files that are never removed after the response is served. This endpoint is public and unauthenticated. Affected versions are AutoGPT 0.4.2 through 0.6.51 [2].
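The leak pattern described above, and one way to close it, as an added example that is not code from the AutoGPT repository or its actual patch: a stand-in handler that writes the export to a NamedTemporaryFile with delete=False and then forgets it, beside a version that unlinks the file in a finally block, plus a small harness that counts what each leaves behind in a scratch directory. The export payload, the listing ids and the function names are constructed for the example.

```python
import tempfile
from pathlib import Path


def build_agent_export(listing_id: str) -> bytes:
    # Stand-in for the real agent serialisation; constructed sample payload.
    return f'{{"listing": "{listing_id}", "graph": []}}'.encode()


def serve_leaky(listing_id: str, tmp_dir: Path) -> bytes:
    """Vulnerable pattern: delete=False with no cleanup, so the file outlives the response."""
    with tempfile.NamedTemporaryFile(dir=tmp_dir, suffix=".json", delete=False) as tmp:
        tmp.write(build_agent_export(listing_id))
        path = Path(tmp.name)
    # Bytes go back to the caller, but the file stays on disk forever.
    return path.read_bytes()


def serve_fixed(listing_id: str, tmp_dir: Path) -> bytes:
    """Hardened pattern: remove the temporary file once it has been read, even on error."""
    path = None
    try:
        with tempfile.NamedTemporaryFile(dir=tmp_dir, suffix=".json", delete=False) as tmp:
            tmp.write(build_agent_export(listing_id))
            path = Path(tmp.name)
        return path.read_bytes()
    finally:
        if path is not None:
            # Runs on the normal path and on any exception raised above.
            path.unlink(missing_ok=True)


def leftover_files(tmp_dir: Path) -> int:
    """Count regular files still present in the scratch directory."""
    return sum(1 for p in tmp_dir.iterdir() if p.is_file())


def simulate(handler, requests: int) -> tuple:
    """Call `handler` `requests` times in a fresh scratch directory.

    Returns (leftover file count, leftover bytes on disk). Listing ids repeat
    on purpose: the leak grows per request, not per distinct listing.
    """
    with tempfile.TemporaryDirectory() as scratch:
        tmp_dir = Path(scratch)
        for i in range(requests):
            handler(f"listing-{i % 3}", tmp_dir)
        files = leftover_files(tmp_dir)
        size = sum(p.stat().st_size for p in tmp_dir.iterdir() if p.is_file())
        return files, size


if __name__ == "__main__":
    print("leaky handler leaves (files, bytes):", simulate(serve_leaky, 5))
    print("fixed handler leaves (files, bytes):", simulate(serve_fixed, 5))
```

The harness makes the defect measurable: after five requests the leaky handler leaves five files and the fixed handler none, which is also the check to run against a real deployment's temp directory while the service is under load. In a FastAPI/Starlette service the same cleanup is normally expressed by returning `FileResponse(path, background=BackgroundTask(os.remove, path))` so the unlink runs after the response is sent, or by building the export in memory and streaming it so no file is written at all.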
Exploitation
An unauthenticated attacker can repeatedly call the endpoint with a valid store_listing_version_id (which are publicly discoverable via the /agents endpoint) to generate an unbounded number of temporary files. The advisory [2] provides a proof-of-concept loop of curl requests that fills the host's temporary storage. No authentication or special privileges are required.
Impact
Successful exploitation exhausts the server's disk space, causing "No space left on device" errors. This leads to failures in the database and other system services, rendering the entire AutoGPT Platform backend unavailable to all users — a complete denial of service [2].
Mitigation
The issue has been patched in version 0.6.52 [1]. Users should upgrade to this release immediately. No workarounds are documented in the available references.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: >=0.4.2, <=0.6.51
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.