CVE-2026-24780
Published: January 29, 2026
Description
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints (both main web API and external API) allow executing blocks by UUID without checking the `disabled` flag. Any authenticated user can execute the disabled `BlockInstallationBlock`, which writes arbitrary Python code to the server filesystem and executes it via `__import__()`, achieving Remote Code Execution. In default self-hosted deployments where Supabase signup is enabled, an attacker can self-register; if signup is disabled (e.g., hosted), the attacker needs an existing account. autogpt-platform-beta-v0.6.44 contains a fix.
Security Summary
CVE-2026-24780 affects the AutoGPT Platform, a system for creating, deploying, and managing continuous artificial intelligence agents that automate complex workflows. In versions prior to autogpt-platform-beta-v0.6.44, the block execution endpoints in both the main web API and external API permit execution of blocks identified by UUID without verifying the `disabled` flag. This flaw allows authenticated users to invoke the disabled `BlockInstallationBlock`, which writes arbitrary Python code to the server filesystem and executes it using `__import__()`, resulting in remote code execution. The vulnerability is classified under CWE-94 (code injection), CWE-276 (incorrect default permissions), and CWE-863 (incorrect authorization).
Any low-privileged authenticated user can exploit this vulnerability over the network with low complexity and no user interaction required. In default self-hosted deployments where Supabase signup is enabled, attackers can self-register an account to gain authentication. If signup is disabled, such as in hosted environments, an existing account is necessary. Successful exploitation grants attackers full remote code execution on the server, enabling high confidentiality, integrity, and availability impacts as reflected in the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The provided GitHub references point to the vulnerable code in routes.py, features/v1.py, block.py, and data/block.py, illustrating the lack of disabled flag checks and the BlockInstallationBlock implementation. Mitigation requires upgrading to autogpt-platform-beta-v0.6.44 or later, which addresses the issue by enforcing proper checks on disabled blocks.
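The missing check described above, reduced to a minimal model, as an added example that is not AutoGPT's code: every name here (`Block`, `REGISTRY`, `get_executable_block`, the two route functions) is hypothetical, and the disabled block is a harmless stand-in. It shows the lookup that never reads `disabled` beside a guarded lookup that both API paths share, so neither route can bypass the flag.

```python
import uuid
from dataclasses import dataclass
from typing import Callable, Dict


class BlockDisabledError(PermissionError):
    """Raised when a caller asks to run a block whose disabled flag is set."""


@dataclass(frozen=True)
class Block:
    id: str
    name: str
    run: Callable[[dict], dict]
    disabled: bool = False


# Constructed registry: one normal block, one disabled block (harmless stand-in).
ECHO_ID = str(uuid.uuid4())
DISABLED_ID = str(uuid.uuid4())
REGISTRY: Dict[str, Block] = {
    ECHO_ID: Block(ECHO_ID, "EchoBlock", lambda data: {"echo": data}),
    DISABLED_ID: Block(DISABLED_ID, "DisabledDemoBlock",
                       lambda data: {"ran": True}, disabled=True),
}


def get_block_unchecked(block_id: str) -> Block:
    """Pre-fix pattern: resolve by UUID only; the disabled flag is never read."""
    return REGISTRY[block_id]


def get_executable_block(block_id: str) -> Block:
    """Hardened lookup: unknown IDs and disabled blocks are both refused."""
    block = REGISTRY.get(block_id)
    if block is None:
        raise KeyError(f"unknown block {block_id}")
    if block.disabled:
        raise BlockDisabledError(f"block {block.name} is disabled")
    return block


def execute_web_api(block_id: str, data: dict, lookup=get_executable_block) -> dict:
    """Stand-in for the main web API route."""
    return lookup(block_id).run(data)


def execute_external_api(block_id: str, data: dict, lookup=get_executable_block) -> dict:
    """Stand-in for the external API route; shares the same guarded lookup."""
    return lookup(block_id).run(data)
```

Putting the check in the shared lookup rather than in each route handler means a route added later inherits it by default.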
This vulnerability is particularly relevant in AI/ML contexts, as AutoGPT Platform is designed for deploying autonomous AI agents, potentially amplifying risks in environments automating sensitive workflows. No public evidence of real-world exploitation is available at this time.
Details
- CWE(s)
AI Security Analysis
- AI Category: APIs and Models
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Matched keywords: artificial intelligence