CVE-2026-33235
Status: Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service (DoS) attack. While the backend implements a SandboxedEnvironment to prevent unauthorized attribute access (e.g., blocking __class__), it fails to limit the computational complexity or execution time of the expressions. An attacker can input computationally expensive Python/Jinja2 expressions that consume the server's CPU and memory, leading to a complete system hang or crash. In multi-tenant or self-hosted environments, this results in a complete service outage and "noisy neighbor" effects that require manual administrative intervention to recover. This issue has been fixed in version 0.6.52.
CVSS Scores: none listed
EPSS Scores: not evaluated (no probability or percentile)
Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-25
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: autogpt
Product: autogpt
Version / Range: all versions before 0.6.52 (0.6.52 excluded)
CWE
CWE-400 (Uncontrolled Resource Consumption): The product does not properly control the allocation and maintenance of a limited resource.
Executive Summary

This vulnerability affects the Fill Text Template block in AutoGPT versions prior to 0.6.52. The backend renders templates in a Jinja2 SandboxedEnvironment, which blocks access to unsafe attributes such as __class__, but the sandbox bounds neither the computational complexity nor the execution time of an expression. An attacker who can supply template content can therefore submit expressions (string repetition with a huge count, nested loops over large ranges, and similar) that consume excessive CPU and memory.

As a result, the server can hang or crash, causing a Denial of Service (DoS) condition: the sandbox protects the confidentiality and integrity of the host, not its availability.

Impact Analysis

The vulnerability can lead to a complete system hang or crash due to resource exhaustion caused by expensive computations.

In multi-tenant or self-hosted environments, this can cause a full service outage and "noisy neighbor" effects, where one tenant's actions degrade the service for others.

Recovery requires manual administrative intervention, which can lead to downtime and operational disruption.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade AutoGPT to version 0.6.52 or later, where the issue has been fixed.

The advisory states only that 0.6.52 fixes the issue; it does not describe the change itself. Until the upgrade is applied, treat template content as untrusted input: restrict who can create or edit workflows that use the block, and run the executor under per-process CPU, memory and wall-clock limits so that a runaway render is killed instead of exhausting the host (general hardening guidance, not part of the advisory).
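The gap the advisory describes, and one way a self-hosted operator could bound template rendering, shown as an added example: this is not AutoGPT's code or its fix, and every budget value, class and function name below (BoundedSandbox, LoopBudget, render_bounded, outcome, the MAX_* constants) is an assumption of the example. It uses only documented Jinja2 sandbox hooks (intercepted_binops, call_binop, Template.generate) and assumes jinja2 is installed.

```python
"""Added example, not AutoGPT's code or its fix: why a Jinja2 SandboxedEnvironment
stops attribute escapes but not resource exhaustion, and one way to bound a render.
Assumes jinja2 is installed; every budget value and name below is ours."""
import time

from jinja2 import TemplateError
from jinja2.sandbox import SandboxedEnvironment, SecurityError

# Illustrative budgets (assumptions, not values from the advisory or the project).
MAX_TEMPLATE_LEN = 4_000   # characters of template source accepted
MAX_OUTPUT_LEN = 64_000    # characters of rendered output allowed
MAX_REPEAT = 10_000        # cap on n in "sequence * n"
MAX_POW_BITS = 4_096       # cap on the size of a ** b, estimated before computing it
MAX_LOOP_ITEMS = 50_000    # total items all range() loops may yield in one render
RENDER_BUDGET_S = 1.0      # wall-clock budget, checked between output chunks


class BudgetExceeded(Exception):
    """A template exceeded a size, repetition, loop or time budget."""


def plain_sandbox_gap():
    """The gap the advisory describes: the stock sandbox raises SecurityError on a
    classic attribute-escape payload but evaluates an expensive expression unchecked."""
    env = SandboxedEnvironment()
    try:
        env.from_string("{{ ''.__class__.__mro__[1].__subclasses__() }}").render()
        escape_blocked = False
    except SecurityError:
        escape_blocked = True
    big = env.from_string("{{ 'x' * 10**6 }}").render()  # 1 MB string, no complaint
    return escape_blocked, len(big)


class BoundedSandbox(SandboxedEnvironment):
    # Route these operators through call_binop instead of evaluating them inline;
    # Jinja2 also refuses to constant-fold intercepted operators at compile time.
    intercepted_binops = frozenset({"*", "**"})

    def call_binop(self, context, operator, left, right):
        if operator == "*":
            for seq, n in ((left, right), (right, left)):
                if isinstance(seq, (str, bytes, list, tuple)) and isinstance(n, int):
                    if n > MAX_REPEAT or len(seq) * n > MAX_OUTPUT_LEN:
                        raise BudgetExceeded("repetition too large")
        elif operator == "**" and isinstance(left, int) and isinstance(right, int):
            # a ** b has at most bit_length(a) * b bits: refuse before allocating it
            if abs(left).bit_length() * abs(right) > MAX_POW_BITS:
                raise BudgetExceeded("exponentiation too large")
        return super().call_binop(context, operator, left, right)


class LoopBudget:
    """Template-visible replacement for range(): bounds the total number of items
    yielded by every loop in one render, so nested loops cannot multiply."""

    def __init__(self, limit=MAX_LOOP_ITEMS):
        self.remaining = limit

    def bounded_range(self, *args):
        for item in range(*args):
            if self.remaining <= 0:
                raise BudgetExceeded("loop budget exhausted")
            self.remaining -= 1
            yield item


def render_bounded(source, variables=None, budget_s=RENDER_BUDGET_S):
    """Render `source` under the budgets above, raising BudgetExceeded (or a
    jinja2 error such as SecurityError) instead of hanging the worker."""
    if len(source) > MAX_TEMPLATE_LEN:
        raise BudgetExceeded("template too long")
    env = BoundedSandbox()
    env.globals.pop("lipsum", None)  # built-in text generator with caller-chosen size
    template = env.from_string(source)
    context = dict(variables or {})
    context["range"] = LoopBudget().bounded_range  # context shadows the sandbox's range
    deadline = time.monotonic() + budget_s
    chunks, size = [], 0
    # generate() yields output piecewise, so size and time are checked between
    # template nodes and loop iterations rather than only after a full render.
    for chunk in template.generate(context):
        size += len(chunk)
        if size > MAX_OUTPUT_LEN:
            raise BudgetExceeded("output too large")
        if time.monotonic() >= deadline:
            raise BudgetExceeded("render time budget exceeded")
        chunks.append(chunk)
    return "".join(chunks)


def outcome(source, variables=None, budget_s=RENDER_BUDGET_S):
    """Classify a render as ('rendered', text) or (error label, message)."""
    try:
        return "rendered", render_bounded(source, variables, budget_s)
    except SecurityError as exc:
        return "security_error", str(exc)
    except BudgetExceeded as exc:
        return "budget_exceeded", str(exc)
    except TemplateError as exc:
        return "template_error", str(exc)
```

The operand caps and the shared loop budget close the expression classes the advisory names (huge repetitions, large exponentiations, nested loops), and the streaming size and time checks catch output that grows gradually. They are not a complete guarantee: a single filter call that allocates a large string in one step (for example `center` or `format` with a huge width) is not interrupted until it returns, so the reliable backstop for a multi-tenant executor remains a process-level limit (a worker subprocess with CPU, memory and wall-clock limits that is killed on overrun), with the in-render budgets above as the first line of defence.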
