Medium severity6.3NVD Advisory· Published Apr 20, 2026· Updated Apr 29, 2026

CVE-2026-6614

Description

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

TrueFoundry/Superagiinferred
Range: <=0.0.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/YLChen-007/ac40da2253c7364d043c0dfe3275190bnvd
vuldb.com/submit/791082nvd
vuldb.com/vuln/358249nvd
vuldb.com/vuln/358249/ctinvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000