Cyber Posture

CVE-2026-33233

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: affectedOth

Published: 19 May 2026

Published
19 May 2026
Modified
19 May 2026
KEV Added
Patch
CVSS Score 7.6 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0001 1.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-33233 is a high-severity Code Injection (CWE-94) vulnerability. Its CVSS base score is 7.6 (High).

Operationally, ranked at the 1.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as APIs and Models.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-44 Detonation Chambers
addresses: CWE-502 CWE-94

Untrusted serialized data can be deserialized and observed inside the chamber, blocking gadget-chain exploitation outside the sandbox.

SI-10 Information Input Validation
addresses: CWE-94 CWE-502

Validates inputs used in dynamic code generation to block injected directives.

SI-7 Software, Firmware, and Information Integrity
addresses: CWE-345 CWE-502

Mandates verification of data authenticity for software, firmware, and information.

SR-4 Provenance
addresses: CWE-345 CWE-502

Provenance documentation and monitoring directly enables verification of authenticity for components and data throughout their history.

CA-8 Penetration Testing
addresses: CWE-502

Penetration testing supplies malicious serialized objects, detecting unsafe deserialization and supporting corrective actions.

PT-8 Computer Matching Requirements
addresses: CWE-345

Directly requires independent verification of matching output before adverse decisions, mitigating insufficient authenticity checks on data from external sources.

SA-11 Developer Testing and Evaluation
addresses: CWE-502

Evaluation of untrusted data handling (deserialization testing) reveals unsafe processing, which the required remediation process addresses.

SC-17 Public Key Infrastructure Certificates
addresses: CWE-345

Use of approved PKI certificates provides verifiable data authenticity and origin for communications and artifacts.

NVD Description

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with pickle.dumps(...) into Redis…

more

and the read path blindly invokes pickle.loads(...) on bytes with no HMAC/signature or strict schema validation gating deserialization. If an attacker can poison a shared-cache key in Redis, arbitrary command execution is possible in the backend container context, affecting confidentiality, integrity, and availability. This issue has been fixed in version 0.6.52.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-94CWE-345CWE-502

Affected Products

In
inferred from references and description; NVD did not file a CPE for this CVE

AI Security AnalysisAI

AI Category
APIs and Models
Risk Domain
N/A
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: artificial intelligence

References