AutoGPT Regular Expression Denial-of-Service Vulnerability in Code Extraction Block

Vulnerability

A Regular Expression Denial-of-Service (ReDoS) vulnerability has been identified in AutoGPT versions prior to 0.6.32. The issue arises in the Code Extraction Block, where two regular expressions are written in a way that permits excessive backtracking. An attacker can trigger this by sending a long sequence of space characters, which drives CPU usage up and can take the application down, creating a Denial-of-Service scenario.

Impact

Exploitation of this vulnerability causes high CPU usage and application downtime, leading to a Denial-of-Service condition.

Reproduction

To reproduce this vulnerability, create a Code Extraction Block and input a payload that includes a large number of space characters within a code block. Save the agent and run it. The application will experience significant delays, and processing time grows further as the input gets larger. This can be automated with a Python script that generates a payload of space characters and saves it to a file, which can then be uploaded to the Code Extraction Block.

Remediation

Users can update to AutoGPT version 0.6.32 or later, where this vulnerability has been fixed.
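As an added illustration of the mitigation (this is not AutoGPT's code, and the pattern is an assumption, not the project's actual fixed regex), the extractor below is written so that adjacent quantifiers consume disjoint character classes, which rules out the backtracking blow-up the reproduction describes, and it is exercised with a constructed payload shaped like the one in the Reproduction section (a code block padded with a very large number of spaces):

```python
import re
import time

# Hypothetical hardened fenced-code extractor (assumption; not AutoGPT's code).
# Design rule: no two adjacent repetitions may match the same character, so a run
# of spaces can only be consumed one way and the engine never explores O(n^2)+
# split points on failure.
#   ```          opening fence
#   ([\w+-]*)    optional language tag; contains no whitespace
#   [ \t]*       trailing spaces on the fence line; disjoint from the tag class
#   \r?\n        end of the fence line
#   (.*?)        body, lazy: each extension is followed by a fixed-cost check
#   \n?```       closing fence, optionally on its own line
FENCE_RE = re.compile(r"```([\w+-]*)[ \t]*\r?\n(.*?)\n?```", re.DOTALL)


def extract_code_blocks(text: str) -> list[tuple[str, str]]:
    """Return (language, body) for every fenced block in the text."""
    return [(m.group(1), m.group(2)) for m in FENCE_RE.finditer(text)]


def space_padded_payload(n_spaces: int) -> str:
    """Constructed input in the shape of the advisory's reproduction payload."""
    return "```python\n" + " " * n_spaces + "print('x')" + " " * n_spaces + "\n```"


def time_extract(n_spaces: int) -> float:
    """Seconds spent extracting from a payload with n_spaces padding on each side."""
    start = time.perf_counter()
    extract_code_blocks(space_padded_payload(n_spaces))
    return time.perf_counter() - start


if __name__ == "__main__":
    # Processing time should grow linearly with the number of spaces, not explode.
    for n in (1_000, 10_000, 100_000):
        print(f"{n:>7} spaces: {time_extract(n) * 1000:.2f} ms")
```

The same payload generator doubles as a regression test for any replacement pattern: if a candidate regex is still vulnerable, the timings printed here stop being roughly proportional to the space count.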

Added: Feb 11, 2026, 12:57 AM
Updated: Feb 11, 2026, 12:57 AM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 2.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.