CVE-2026-56823
Received Received - Intake
Authentication Bypass in AutoGPT Webhook Ping Endpoint

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: GitHub, Inc.

Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /api/integrations/webhooks/{webhook_id}/ping` endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the authenticated user. Any authenticated user can supply an arbitrary webhook_id to confirm webhook existence, leak the webhook's OAuth provider type, and in some cases trigger a ping delivery on behalf of another user. This vulnerability is fixed in .
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-56823
EUVD
EUVD-2026-39797
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
significant_gravitas autogpt_platform to 0.6.64 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The immediate mitigation step is to upgrade the autogpt-platform backend package to version 0.6.64 or later, where the vulnerability is fixed.

Until the upgrade is applied, restrict access to the vulnerable endpoint to trusted users only and monitor for unusual webhook ping activity.

Implement additional access controls or ownership verification on the webhook ping endpoint if possible to prevent unauthorized access.

Executive Summary

The CVE-2026-56823 vulnerability is an Insecure Direct Object Reference (IDOR) issue in the AutoGPT Platform's webhook ping endpoint.

Specifically, the POST /api/integrations/webhooks/{webhook_id}/ping endpoint retrieves a webhook by its primary key without verifying that the webhook belongs to the authenticated user.

This flaw allows any authenticated user to supply an arbitrary webhook_id to confirm if a webhook exists, leak the webhook's OAuth provider type, and in some cases trigger a ping delivery on behalf of another user.

Impact Analysis

This vulnerability can impact you by allowing an authenticated user to:

  • Enumerate webhooks by checking if a webhook exists, potentially revealing information about other users' webhooks.
  • Leak the OAuth provider type associated with a webhook through error messages.
  • Trigger unsolicited ping deliveries to webhook endpoints that do not require credentials, causing spurious webhook events on behalf of other users.

The overall impact on confidentiality and integrity is low, and availability is not affected.

Detection Guidance

This vulnerability can be detected by attempting to access the POST /api/integrations/webhooks/{webhook_id}/ping endpoint with various webhook_id values to check for differences in HTTP responses.

  • Send POST requests to the endpoint with arbitrary webhook_id UUIDs and observe the HTTP status codes: a 200 or 500 response indicates the webhook exists, while a 404 indicates it does not.
  • Analyze error messages returned by the endpoint to identify leaked OAuth provider types, such as ValueError for GitHub or NotImplementedError for others.
  • Example command using curl to test webhook existence: curl -X POST -u <user>:<password> https://<host>/api/integrations/webhooks/<webhook_id>/ping
Compliance Impact

The vulnerability allows any authenticated user to enumerate webhooks, leak OAuth provider types, and trigger unsolicited webhook pings without verifying ownership. This improper access control could lead to unauthorized disclosure of information and potential misuse of webhook endpoints.

Such unauthorized access and information leakage may impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive data to protect confidentiality and integrity.

However, the confidentiality and integrity impacts are rated as low, and availability is unaffected, indicating a moderate severity level. Organizations using the affected AutoGPT platform versions should consider this vulnerability in their risk assessments and remediation plans to maintain compliance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56823. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart