Significant-Gravitas AutoGPT
cpe:2.3:a:agpt:autogpt:*:*:*:*:*:*:*
- <= autogpt-platform-beta-v0.6.1
A denial-of-service vulnerability has been identified in the ReadRSSFeedBlock component of AutoGPT prior to version 0.6.32. The block hands XML fetched from a user-provided URL to feedparser without any limit on parsing time or resource use. An attacker can point the block at a deeply nested XML document; parsing it exhausts memory and leaves the application unresponsive. The vulnerability has been patched in version 0.6.32.
Exploitation leads to memory exhaustion: the process runs out of available resources and stops responding, so the service becomes unavailable to users (denial of service).
To reproduce, generate an XML file larger than 10MB that contains a very large number of nested elements, host it at a URL, and supply that URL to the ReadRSSFeedBlock for parsing. The block will attempt to parse the whole document with feedparser and exhaust memory.
Users can update to AutoGPT version 0.6.32 or later to address this vulnerability.
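The following is an added illustration of the failure mode and of the limits the advisory says were missing. It is not code from AutoGPT or from feedparser. It builds a constructed deeply nested RSS-shaped document, then shows a guard that caps the bytes read from a user-supplied URL and rejects excessive element nesting with a streaming expat pass before the data ever reaches feedparser.parse(). The limit values (MAX_FEED_BYTES, MAX_XML_DEPTH, FETCH_TIMEOUT) and all function names are assumptions chosen for the example.

```python
"""Bounded-size, bounded-depth guard for untrusted RSS XML.

Added example, not AutoGPT or feedparser code. Limit values and names
are assumptions for illustration.
"""

import urllib.request
import xml.parsers.expat

MAX_FEED_BYTES = 2 * 1024 * 1024   # assumption: 2 MiB is ample for a real feed
MAX_XML_DEPTH = 64                 # assumption: genuine feeds nest a handful of levels
FETCH_TIMEOUT = 10                 # seconds, applies per socket operation


class FeedLimitExceeded(ValueError):
    """Raised when untrusted feed data exceeds a size or depth limit."""


def fetch_bounded(url: str, max_bytes: int = MAX_FEED_BYTES,
                  timeout: float = FETCH_TIMEOUT) -> bytes:
    """Download at most max_bytes from url, reading in chunks.

    A response larger than max_bytes is cut off with an exception instead
    of being buffered whole, so a multi-gigabyte body cannot fill memory.
    """
    buf = bytearray()
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        while True:
            chunk = resp.read(64 * 1024)
            if not chunk:
                break
            buf.extend(chunk)
            if len(buf) > max_bytes:
                raise FeedLimitExceeded(f"feed exceeds {max_bytes} bytes")
    return bytes(buf)


def check_xml_limits(data: bytes, max_bytes: int = MAX_FEED_BYTES,
                     max_depth: int = MAX_XML_DEPTH) -> int:
    """Stream-parse data with expat and return the maximum element depth.

    Raises FeedLimitExceeded as soon as nesting passes max_depth, so a
    hostile document is rejected after its first max_depth open tags
    rather than after the whole tree has been materialised.
    """
    if len(data) > max_bytes:
        raise FeedLimitExceeded(f"feed exceeds {max_bytes} bytes")
    depth = 0
    max_seen = 0
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        nonlocal depth, max_seen
        depth += 1
        if depth > max_depth:
            raise FeedLimitExceeded(f"XML nesting deeper than {max_depth}")
        max_seen = max(max_seen, depth)

    def end(name):
        nonlocal depth
        depth -= 1

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(data, True)  # exceptions raised in handlers propagate here
    return max_seen


def is_within_limits(data: bytes, **limits) -> bool:
    """Predicate form of check_xml_limits: True if the data passes."""
    try:
        check_xml_limits(data, **limits)
        return True
    except FeedLimitExceeded:
        return False


def parse_feed_safely(url: str):
    """Fetch with limits, pre-check nesting, only then hand off to feedparser."""
    data = fetch_bounded(url)
    check_xml_limits(data)
    import feedparser  # imported lazily; the guards above do not need it
    return feedparser.parse(data)


def build_nested_xml(depth: int) -> bytes:
    """Constructed sample: an RSS-shaped document whose single item holds
    `depth` nested <x> elements. depth=0 yields a plain four-level feed."""
    body = "<x>" * depth + "boom" + "</x>" * depth
    return ('<?xml version="1.0"?><rss version="2.0"><channel>'
            f"<title>t</title><item><description>{body}</description></item>"
            "</channel></rss>").encode()


if __name__ == "__main__":
    print("benign feed depth:", check_xml_limits(build_nested_xml(0)))
    print("hostile feed accepted?", is_within_limits(build_nested_xml(5000)))
```

The pre-check parses the bytes once with expat and feedparser parses them a second time; that double pass costs at most MAX_FEED_BYTES of work, which is the point. Note that urllib's timeout is per socket operation, so a server that drips one byte at a time can still hold the block for longer than FETCH_TIMEOUT; the byte cap bounds memory, not wall-clock time, and a total-transfer deadline would have to be enforced separately.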