CVE-2026-30950
Authenticated Session Hijacking in AutoGPT via IDOR
Publication date: 2026-05-18
Last updated on: 2026-05-19
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| autogpt | autogpt | From 0.6.36 (inc) to 0.6.50 (inc) |
| autogpt | autogpt | 0.6.51 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects AutoGPT versions 0.6.36 through 0.6.50 and is an Authenticated Session Hijacking issue caused by an Insecure Direct Object Reference (IDOR). An authenticated attacker who can determine another user's session_id can take over that session. This allows the attacker to read any messages in the session and lock the legitimate user out.
The root cause is that the PATCH /sessions/{session_id}/assign-user endpoint authenticates the caller but does not verify if the caller owns the session. The service layer calls the session lookup with user_id=None, which the data access layer treats as a privileged call, bypassing ownership checks. This lets any authenticated user reassign any session to themselves.
This vulnerability was fixed in AutoGPT version 0.6.51.
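As an added illustration (hypothetical code, not AutoGPT's own implementation), a minimal model of the service-layer/data-layer interaction described above, with the vulnerable reassignment beside the corrected one; the function names, in-memory store and sample users are assumptions:

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

class Forbidden(Exception):
    """Raised when the caller does not own the requested session."""

@dataclass
class Session:
    session_id: str
    user_id: str
    messages: List[str] = field(default_factory=list)

def make_store() -> Dict[str, Session]:
    # Constructed sample data: two users, each owning one session.
    return {
        "sess-alice": Session("sess-alice", "alice", ["alice's private notes"]),
        "sess-bob": Session("sess-bob", "bob", ["bob's private notes"]),
    }

def get_session(store, session_id, user_id: Optional[str] = None) -> Session:
    """Data-access layer: user_id=None is a privileged internal lookup that
    skips the ownership check, which the vulnerable handler below relies on."""
    session = store[session_id]
    if user_id is not None and session.user_id != user_id:
        raise Forbidden(f"{user_id} does not own {session_id}")
    return session

def assign_user_vulnerable(store, caller_id, session_id, new_user_id) -> Session:
    """Vulnerable service layer: caller_id is authenticated but never used
    for the lookup, so any authenticated caller can claim any session."""
    session = get_session(store, session_id, user_id=None)
    session.user_id = new_user_id
    return session

def assign_user_fixed(store, caller_id, session_id, new_user_id) -> Session:
    """Fixed service layer: the lookup is scoped to the authenticated caller,
    so a caller who does not own the session gets Forbidden."""
    session = get_session(store, session_id, user_id=caller_id)
    session.user_id = new_user_id
    return session

def reassign_outcome(assign, caller_id, session_id) -> str:
    """Run one reassignment against a fresh store and report the result."""
    store = make_store()
    try:
        assign(store, caller_id, session_id, new_user_id=caller_id)
    except Forbidden:
        return "forbidden"
    return "reassigned" if store[session_id].user_id == caller_id else "unchanged"
```

With the fixed handler, a user can still reassign a session they own, while a reassignment of someone else's session is refused before any state changes.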
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker to hijack another user's session in AutoGPT. The attacker can read all messages within that session and lock the legitimate user out, potentially disrupting workflows and exposing sensitive information.
The impact includes unauthorized access to user data and denial of service to the legitimate user by taking over their session.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade AutoGPT to version 0.6.51 or later, where the issue has been patched.
Until the upgrade is applied, restrict access to the PATCH /sessions/{session_id}/assign-user endpoint to trusted users only, and monitor authenticated sessions for suspicious reassignment activity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an authenticated attacker to hijack another user's session, potentially accessing sensitive information contained in that session and locking the legitimate user out. This unauthorized access to user sessions could lead to exposure of personal or sensitive data.
Such unauthorized access and potential data exposure may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information and mandate controls to prevent unauthorized access.
However, the provided information does not explicitly discuss compliance implications or specific regulatory impacts.