CVE-2026-6613
Authorization Bypass in TransformerOptimus SuperAGI Agent Controller
Publication date: 2026-04-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| transformeroptimus | superagi | to 0.0.14 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-6613 is an authorization bypass vulnerability that allows authenticated users to access and manipulate agents and schedules belonging to other organizations without proper authorization checks.
This unauthorized access and manipulation can lead to data destruction, service disruption, and information disclosure across organizational boundaries.
Such unauthorized access and potential data exposure or destruction can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls, data confidentiality, and integrity safeguards.
Can you explain this vulnerability to me?
This vulnerability exists in TransformerOptimus SuperAGI versions up to 0.0.14, specifically in the functions delete_agent, stop_schedule, and get_schedule_data within the file superagi/controllers/agent.py.
The issue arises from manipulation of the argument agent_id, which leads to an authorization bypass, allowing unauthorized users to perform actions they should not be able to.
The attack can be carried out remotely, and an exploit is publicly available.
How can this vulnerability impact me? :
This vulnerability allows an attacker to bypass authorization controls remotely by manipulating the agent_id argument.
As a result, unauthorized users could delete agents, stop schedules, or retrieve schedule data without proper permissions.
This could lead to disruption of services, unauthorized access to sensitive scheduling information, and potential misuse or damage to the system's operation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the affected API endpoints for improper authorization checks. Specifically, you can attempt to access or manipulate agents belonging to other organizations using valid authentication tokens.
- Use a valid JWT token to send a PUT request to the endpoint `/agents/delete/{agent_id}` with an agent_id that does not belong to your organization and observe if the agent is soft deleted.
- Send a POST request to `/stop/schedule` with the `agent_id` of another organization's agent and check if the schedule is stopped without proper authorization.
- Send a GET request to `/get/schedule_data/{agent_id}` for an agent outside your organization and verify if schedule configuration data is returned.
These tests can be performed using command-line tools like curl or HTTP clients such as Postman, including the appropriate authentication headers.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected API endpoints to trusted users only and monitoring for suspicious activity involving agent management.
Since the vulnerability arises from missing organization ownership verification, ensure that any requests to delete agents, stop schedules, or retrieve schedule data are properly authorized by verifying the agent's ownership against the authenticated user's organization.
If possible, apply patches or updates from the vendor once available. Until then, consider implementing additional access controls or network-level restrictions to limit exposure.