CVE-2026-45023
Deferred - Pending Action
Credit Exhaustion Bypass in AutoGPT Workflow Automation

Publication date: 2026-05-28

Last updated on: 2026-05-29

Assigner: GitHub, Inc.

Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, the POST /api/blocks/{block_id}/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in the graph execution path (manager.py) is never reached when blocks are called directly via the external API, allowing unlimited free execution of all blocks. This vulnerability is fixed in 0.6.59.
Meta Information
Published: 2026-05-28
Last Modified: 2026-05-29
Generated: 2026-06-19
AI Q&A: 2026-05-29
EPSS Evaluated: 2026-06-18
NVD
Affected Vendors & Products (1 associated CPE)
Vendor: autogpt
Product: autogpt
Version / Range: to 0.6.59 (inc)
CWE
CWE-770: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
CWE-841: The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.
AI Quick Actions
Executive Summary

This vulnerability exists in AutoGPT versions prior to 0.6.59. The POST /api/blocks/{block_id}/execute endpoint allows execution of blocks without checking or consuming user credits. Normally, credit consumption is enforced in the graph execution path, but this check is bypassed when blocks are executed directly via the external API. As a result, users can execute an unlimited number of blocks for free.

Impact Analysis

This vulnerability can lead to unauthorized free usage of AutoGPT's block execution functionality, potentially causing financial loss to the service provider due to unbilled usage. Additionally, it may allow users to consume resources excessively, which could degrade service performance or availability.

Mitigation Strategies

To mitigate this vulnerability, upgrade AutoGPT to version 0.6.59 or later where the issue is fixed.

Compliance Impact

The vulnerability allows authenticated users to bypass the platform's billing and rate-limiting mechanisms, enabling unlimited free execution of all blocks without credit consumption.

This improper enforcement of resource allocation and behavioral workflow could potentially lead to unauthorized or unmonitored actions within the system.

However, there is no direct information provided about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring and testing the behavior of the POST /api/blocks/{block_id}/execute endpoint in AutoGPT versions prior to 0.6.59. Specifically, you can check if executing blocks via this API endpoint consumes credits or not.

A practical approach is to authenticate as a user and repeatedly call the POST /api/blocks/{block_id}/execute endpoint with a valid block_id, then observe if the user's credit balance decreases accordingly. If credits are not deducted, the system is vulnerable.

Suggested commands (using curl) to test the vulnerability might look like this:

  • Authenticate and obtain a valid token (example command depends on your authentication method).
  • Use curl to execute a block via the vulnerable endpoint:

    curl -X POST "https://your-autogpt-instance/api/blocks/{block_id}/execute" -H "Authorization: Bearer YOUR_TOKEN" -H "Content-Type: application/json"

  • Check the user's credit balance before and after the request to see if it has decreased.

If the credit balance remains unchanged after multiple executions, the system is vulnerable to CVE-2026-45023.
