CVE-2026-33232
Unauthenticated DoS via Disk Space Exhaustion in AutoGPT
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| significant_gravitas | autogpt_platform_backend | From 0.4.2 (inc) to 0.6.51 (inc) |
| significant_gravitas | autogpt_platform_backend | 0.6.52 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-459 | The product does not properly "clean up" and remove temporary or supporting resources after they have been used. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33232 is a high-severity Denial of Service (DoS) vulnerability in the AutoGPT server affecting versions 0.4.2 through 0.6.51 of the autogpt-platform-backend package.
The vulnerability arises because the download_agent_file endpoint creates persistent temporary files for every request but fails to delete them after serving the files.
Since this endpoint is unauthenticated and publicly accessible, an attacker can repeatedly call it to accumulate these temporary files, exhausting the server's disk space.
This disk space exhaustion causes the database or other system services to fail with "No space left on device" errors, rendering the entire AutoGPT backend unavailable.
The issue has been patched in version 0.6.52.
How can this vulnerability impact me?
This vulnerability can cause a Denial of Service (DoS) on the AutoGPT platform backend by exhausting the server's disk space.
As a result, critical services such as the database and other system components may fail due to "No space left on device" errors.
This leads to complete unavailability of the AutoGPT backend for all users, disrupting workflow automation and AI agent management.
Because the attack requires no authentication or user interaction, it can be easily exploited remotely.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the accumulation of persistent temporary files created by the download_agent_file endpoint in the system's temporary directory. Since the endpoint creates files without deleting them, a growing number of files or rapid disk space consumption in the temporary directory may indicate exploitation attempts.
To detect this on your system, you can check the number and size of temporary files in the directory used by AutoGPT for temporary storage.
- Use `ls -lh /tmp` (or the specific temporary directory AutoGPT is configured to use) to list files and their sizes.
- Use `du -sh /tmp` to check the total disk space used by temporary files.
- Monitor disk space usage with `df -h` to detect if disk space is being exhausted.
- Check for repeated requests to the download_agent_file endpoint in server logs to identify potential abuse.
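The checks listed above, as an added detection helper that is not part of AutoGPT or of this advisory: it counts and sizes the files in a temporary directory against thresholds, and tallies requests to the download_agent_file endpoint per client IP from an access log. The temp directory path, the log format (client IP as the first field) and the URL path in the sample log are assumptions, since the advisory names none of them.

```bash
#!/usr/bin/env bash
# Added detection helper for the temp-file buildup described above; not part of
# AutoGPT. Assumes the directory AutoGPT writes temporary files to is passed in
# (the advisory does not name it) and that the client IP is the first log field.

# Number of regular files directly inside a directory.
count_files() {
    find "$1" -maxdepth 1 -type f | wc -l | tr -d ' '
}

# Total size in bytes of those files (cat | wc -c sidesteps GNU/BSD stat differences).
total_bytes() {
    find "$1" -maxdepth 1 -type f -exec cat {} + | wc -c | tr -d ' '
}

# Return 0 when within limits, 1 when either limit is exceeded.
# Usage: check_limits <dir> <max_files> <max_bytes>
check_limits() {
    n=$(count_files "$1"); b=$(total_bytes "$1")
    if [ "$n" -gt "$2" ] || [ "$b" -gt "$3" ]; then
        echo "ALERT: $1 holds $n files / $b bytes (limits: $2 files / $3 bytes)"
        return 1
    fi
    echo "OK: $1 holds $n files / $b bytes"
}

# Requests to download_agent_file per client IP, most frequent first.
top_callers() {
    grep -F 'download_agent_file' "$1" | awk '{print $1}' | sort | uniq -c | sort -rn
}

# Constructed sample access log (not real traffic; the URL path is an assumption).
write_sample_log() {
    cat > "$1" <<'EOF'
10.0.0.5 - - [19/May/2026:10:00:01] "GET /api/download_agent_file?id=1 HTTP/1.1" 200
192.0.2.9 - - [19/May/2026:10:00:02] "GET /api/health HTTP/1.1" 200
10.0.0.5 - - [19/May/2026:10:00:03] "GET /api/download_agent_file?id=2 HTTP/1.1" 200
10.0.0.5 - - [19/May/2026:10:00:04] "GET /api/download_agent_file?id=1 HTTP/1.1" 200
192.0.2.9 - - [19/May/2026:10:00:05] "GET /api/download_agent_file?id=3 HTTP/1.1" 200
EOF
}

# Stand-alone demo: five 100-byte files checked against a 3-file limit.
demo() {
    d=$(mktemp -d); log=$(mktemp); i=0
    while [ "$i" -lt 5 ]; do i=$((i+1)); printf '%0100d' 0 > "$d/agent_$i.zip"; done
    check_limits "$d" 3 1000000 || true
    write_sample_log "$log"; top_callers "$log"
    rm -rf "$d" "$log"
}
```

Source the file and call `demo` to see both checks on constructed data, or run `check_limits` from a cron job against the real temporary directory so the alert fires before the disk fills.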
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the AutoGPT platform backend to version 0.6.52 or later, where this vulnerability has been patched.
Until the upgrade can be applied, consider restricting access to the download_agent_file endpoint to trusted users or IP addresses to prevent unauthenticated exploitation.
Additionally, monitor disk space usage closely and clean up accumulated temporary files manually if necessary to prevent service disruption.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.