Medium severity5.4NVD Advisory· Published Apr 20, 2026· Updated Apr 29, 2026

CVE-2026-6585

Description

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypass. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/YLChen-007/88ea045efa387ab0b93f6dd2f797e653nvd
vuldb.com/submit/791076nvd
vuldb.com/vuln/358220nvd
vuldb.com/vuln/358220/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000