CVE-2026-45023
Credit Exhaustion Bypass in AutoGPT Workflow Automation
Publication date: 2026-05-28
Last updated on: 2026-05-29
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| autogpt | autogpt | to 0.6.59 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-841 | The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in AutoGPT versions prior to 0.6.59. The POST /api/blocks/{block_id}/execute endpoint allows execution of blocks without checking or consuming user credits. Normally, credit consumption is enforced in the graph execution path, but this check is bypassed when blocks are executed directly via the external API. As a result, users can execute an unlimited number of blocks for free.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized free usage of AutoGPT's block execution functionality, potentially causing financial loss to the service provider due to unbilled usage. Additionally, it may allow users to consume resources excessively, which could degrade service performance or availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade AutoGPT to version 0.6.59 or later where the issue is fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated users to bypass the platform's billing and rate-limiting mechanisms, enabling unlimited free execution of all blocks without credit consumption.
This improper enforcement of resource allocation and behavioral workflow could potentially lead to unauthorized or unmonitored actions within the system.
However, there is no direct information provided about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and testing the behavior of the POST /api/blocks/{block_id}/execute endpoint in AutoGPT versions prior to 0.6.59. Specifically, you can check if executing blocks via this API endpoint consumes credits or not.
A practical approach is to authenticate as a user, call the POST /api/blocks/{block_id}/execute endpoint repeatedly with a valid block_id, and compare the user's credit balance before and after the calls. If the balance is not reduced, the instance is vulnerable.
Suggested commands (using curl) to test the vulnerability might look like this:
- Authenticate and obtain a valid token (the exact command depends on your authentication method).
- Use curl to execute a block via the affected endpoint:
    curl -X POST "https://your-autogpt-instance/api/blocks/{block_id}/execute" -H "Authorization: Bearer YOUR_TOKEN" -H "Content-Type: application/json"
- Check the user's credit balance before and after the request to see whether it has decreased.
If the credit balance remains unchanged after multiple executions, the system is vulnerable to CVE-2026-45023.
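The balance check above tells you whether your own instance is affected; an operator also wants to know whether the direct execute path has already been used without billing. The script below is an added example, not code from the CVE record or from the AutoGPT project: it correlates API access-log lines with credit-ledger lines per user and flags users who had successful direct calls to /api/blocks/{block_id}/execute in the window but no credit deduction at all. Both log formats, the field names (user=, credit_delta=, reason=), and the 402 status used to represent a patched instance refusing an unfunded call are constructed assumptions; adapt the two regular expressions to the log format your deployment actually emits.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (the format is assumed, not AutoGPT's real log format).
ACCESS_LOG = """\
2026-05-28T10:00:01Z user=alice POST /api/blocks/blk-a1/execute 200
2026-05-28T10:00:02Z user=alice POST /api/blocks/blk-a1/execute 200
2026-05-28T10:00:03Z user=alice POST /api/blocks/blk-b2/execute 200
2026-05-28T10:00:04Z user=bob POST /api/graphs/gr-7/execute 200
2026-05-28T10:00:05Z user=bob POST /api/blocks/blk-a1/execute 200
2026-05-28T10:00:06Z user=carol POST /api/blocks/blk-a1/execute 402
2026-05-28T10:00:07Z user=alice GET /api/blocks 200
"""

# Constructed sample credit-ledger lines (format assumed): one line per balance change.
CREDIT_LOG = """\
2026-05-28T10:00:04Z user=bob credit_delta=-3 reason=graph_execution
2026-05-28T10:00:05Z user=bob credit_delta=-1 reason=block_execution
"""

# Only the direct block-execution endpoint named in the advisory is matched;
# graph executions (the path where billing is enforced) are deliberately ignored.
EXECUTE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) POST /api/blocks/(?P<block>[^/\s]+)/execute (?P<status>\d{3})$"
)
CREDIT_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) credit_delta=(?P<delta>-?\d+)")


def count_direct_executions(access_lines):
    """Count successful (2xx) direct block executions per user.

    Non-2xx responses are not counted: in the constructed sample a 402 stands
    for a patched instance refusing the call, so no block actually ran.
    """
    counts = defaultdict(int)
    for line in access_lines:
        m = EXECUTE_RE.match(line.strip())
        if m and m.group("status").startswith("2"):
            counts[m.group("user")] += 1
    return dict(counts)


def sum_credit_deductions(credit_lines):
    """Total credits deducted per user in the window, as a positive number."""
    totals = defaultdict(int)
    for line in credit_lines:
        m = CREDIT_RE.match(line.strip())
        if m:
            delta = int(m.group("delta"))
            if delta < 0:
                totals[m.group("user")] += -delta
    return dict(totals)


def find_unbilled_executions(access_lines, credit_lines, min_executions=1):
    """Return users with >= min_executions successful direct block executions
    and no credit deduction at all in the same window.

    A user who ran blocks directly and was never charged is the signature of
    the bypass described in CVE-2026-45023 being exercised on an unpatched
    instance.
    """
    executions = count_direct_executions(access_lines)
    deductions = sum_credit_deductions(credit_lines)
    findings = {}
    for user, n in executions.items():
        if n >= min_executions and deductions.get(user, 0) == 0:
            findings[user] = {"executions": n, "credits_deducted": 0}
    return findings


if __name__ == "__main__":
    result = find_unbilled_executions(ACCESS_LOG.splitlines(), CREDIT_LOG.splitlines())
    for user, info in result.items():
        print(f"{user}: {info['executions']} direct block executions, 0 credits deducted")
```

On the constructed sample, alice is flagged (three successful direct executions, no ledger entry), bob is not (his ledger shows deductions), and carol is not (her call was refused). Correlating per user over a bounded window keeps the rule simple; on a busy instance you would narrow the window and compare execution counts against the expected per-block price rather than only checking for zero deductions.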