Medium severity6.3NVD Advisory· Published Apr 20, 2026· Updated Apr 29, 2026

CVE-2026-6586

Description

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Transformerstuff/Superagiinferred
Range: <=0.0.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/YLChen-007/4b6b95f98aeed927a99d2a76eaf53444nvd
vuldb.com/submit/791077nvd
vuldb.com/vuln/358221nvd
vuldb.com/vuln/358221/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000