CVE-2026-55237
Deferred Deferred - Pending Action
DOM-based XSS in AutoGPT Workflow Automation Platform

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: GitHub, Inc.

Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting (XSS) vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter (`next`), which is passed to `router.push`. An attacker can craft a malicious link that, when opened by an authenticated user, performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential theft, internal network pivoting, and unauthorized actions performed on behalf of the victim. Version 0.6.62 patches the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-18
Last Modified
2026-06-18
Generated
2026-06-19
AI Q&A
2026-06-18
EPSS Evaluated
N/A
NVD
CVE-2026-55237
EUVD
EUVD-2026-37915
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
significant_gravitas autogpt to 0.6.62 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-87 The product does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-55237 is a DOM-based Cross-Site Scripting (XSS) and Open Redirect vulnerability in AutoGPT versions prior to 0.6.62. It occurs on the signup page where the application improperly trusts a URL parameter named `next`. This parameter is passed directly to the routing function `router.push` without proper validation.

An attacker can craft a malicious link containing a `next` parameter with a harmful scheme like `javascript:`. When an authenticated user clicks this link, it triggers execution of arbitrary JavaScript code in their browser context. For unauthenticated users, the malicious script executes after they complete the signup process.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can have serious impacts including credential theft, where attackers steal user login information by executing malicious scripts in the victim's browser.

It also allows unauthorized actions to be performed on behalf of the victim, potentially compromising user accounts and data.

Additionally, it enables internal network pivoting, meaning attackers could use the compromised user session to access internal systems or resources that would otherwise be protected.

Detection Guidance

This vulnerability can be detected by testing the signup page for improper handling of the `next` URL parameter. Specifically, you can check if the application improperly allows JavaScript schemes in the `next` parameter that lead to client-side redirects and script execution.

One way to detect this is by crafting and visiting a URL similar to: `http://HOST/signup?next=javascript:alert(window.origin)` and observing if an alert box appears or if arbitrary JavaScript executes.

Network monitoring tools can also be used to detect suspicious redirects or script injections triggered by such URLs.

Example commands to test this manually could include using curl or wget to fetch the signup page with the malicious parameter and inspecting the response or behavior in a browser:

  • curl -v "http://HOST/signup?next=javascript:alert(window.origin)"
  • wget --server-response "http://HOST/signup?next=javascript:alert(window.origin)"

Additionally, automated web vulnerability scanners that test for DOM-based XSS and open redirect vulnerabilities can be used to detect this issue.

Mitigation Strategies

The immediate mitigation step is to upgrade AutoGPT to version 0.6.62 or later, where this vulnerability has been patched.

If upgrading is not immediately possible, you should implement validation on the `next` URL parameter to ensure it only allows safe schemes such as `http:` or `https:` and restrict redirection to the same domain.

Avoid passing untrusted input directly to `router.push` or any client-side redirection mechanism without proper sanitization.

Additionally, educate users to be cautious about clicking suspicious links, especially those containing unusual URL parameters.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55237. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart