AutoGPT Server-Side Request Forgery Vulnerability in Discord File Sending Block

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in AutoGPT versions through autogpt-platform-beta-v0.6.33. The issue is in SendDiscordFileBlock, which passes a user-provided URL to aiohttp.ClientSession().get (from the third-party aiohttp library) without validating it. Because the URL is never checked, an attacker can make the server issue requests to internal services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server send requests to internal or external resources, potentially leading to unauthorized data access or interaction with internal services.

Reproduction

To reproduce this vulnerability, upload a file by providing a URL that starts with 'http://' or 'https://'. The block downloads the file with an unvalidated request, so the URL can point at internal services.

Remediation

Update to AutoGPT version autogpt-platform-beta-v0.6.34, where this vulnerability has been patched.
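As an added illustration of the kind of check the vulnerable block lacked (this is not AutoGPT's own patch, and validate_fetch_url, fetch_file, _resolve and the injectable resolver hook are assumed names): validate the scheme, resolve the host, and refuse any address that is not globally routable before handing the URL to aiohttp.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlparse

# Hypothetical helper, not AutoGPT's code: the URL check the vulnerable block lacked.
ALLOWED_SCHEMES = {"http", "https"}


def _resolve(host: str) -> list[str]:
    """Resolve a hostname to every A/AAAA address it has (real DNS lookup)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_fetch_url(url: str, resolver: Callable[[str], Iterable[str]] = _resolve) -> str:
    """Return url if it may be fetched, else raise ValueError; resolver is injectable for offline tests."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported scheme: {parsed.scheme!r}")
    if not parsed.hostname:
        raise ValueError("URL has no host")
    if parsed.username or parsed.password:
        raise ValueError("credentials embedded in the URL are not allowed")
    for addr in resolver(parsed.hostname):
        ip = ipaddress.ip_address(addr)
        if ip.version == 6 and ip.ipv4_mapped:  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
            ip = ip.ipv4_mapped
        # is_global is False for loopback, RFC 1918 / ULA, link-local (which
        # covers 169.254.169.254 cloud metadata), multicast and reserved ranges.
        if not ip.is_global:
            raise ValueError(f"{parsed.hostname} resolves to non-public address {addr}")
    return url


async def fetch_file(url: str, max_bytes: int = 8 * 1024 * 1024) -> bytes:
    """Download a user-supplied URL only after it passes validate_fetch_url."""
    import aiohttp  # imported lazily so the validator is usable without aiohttp installed

    validate_fetch_url(url)
    async with aiohttp.ClientSession() as session:
        # Redirects stay off: a public host could otherwise bounce the request to an internal address.
        async with session.get(url, allow_redirects=False) as resp:
            resp.raise_for_status()
            data = bytearray()
            async for chunk in resp.content.iter_chunked(64 * 1024):
                data.extend(chunk)
                if len(data) > max_bytes:
                    raise ValueError("file exceeds size limit")
            return bytes(data)
```

The validation and the connection resolve the name separately, so a host whose DNS answer changes between the two could still pass; pinning the connection to the validated address (for example through a custom aiohttp resolver) closes that remaining gap.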

Added: Feb 4, 2026, 11:30 PM
Updated: Feb 4, 2026, 11:30 PM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 0.6
exploitability: 5.5
remediation: 7.7
relevance: 2.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.