CVE-2026-24780: CWE-863: Incorrect Authorization in Significant-Gravitas AutoGPT
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints (both main web API and external API) allow executing blocks by UUID without checking the `disabled` flag. Any authenticated user can execute the disabled `BlockInstallationBlock`, which writes arbitrary Python code to the server filesystem and executes it via `__import__()`, achieving Remote Code Execution. In default self-hosted deployments where Supabase signup is enabled, an attacker can self-register; if signup is disabled (e.g., hosted), the attacker needs an existing account. autogpt-platform-beta-v0.6.44 contains a fix.
AI Analysis
Technical Summary
The vulnerability CVE-2026-24780 affects Significant-Gravitas AutoGPT, a platform for managing continuous AI agents automating workflows. Versions from 0.1.0 up to but not including 0.6.44 have a critical authorization flaw in their block execution endpoints (both main web API and external API). These endpoints allow execution of blocks identified by UUID without verifying whether the block is disabled. Specifically, the disabled 'BlockInstallationBlock' can be executed by any authenticated user. This block writes arbitrary Python code to the server filesystem and executes it using Python's __import__() function, resulting in remote code execution (RCE). In default self-hosted deployments where Supabase signup is enabled, attackers can self-register and exploit this vulnerability without prior credentials. In hosted environments where signup is disabled, attackers must have valid accounts. The vulnerability stems from CWE-863 (Incorrect Authorization), CWE-94 (Improper Control of Generation of Code), and CWE-276 (Incorrect Default Permissions). The CVSS 4.0 score is 8.6 (high severity) reflecting network attack vector, low attack complexity, no user interaction, and high impact on confidentiality, integrity, and availability. No known exploits are reported in the wild yet. The vendor fixed the issue in autogpt-platform-beta-v0.6.44 by enforcing authorization checks on block execution endpoints and disabling execution of dangerous blocks.
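A minimal sketch of the missing check described above, added here as an illustration and not taken from AutoGPT's code base: the registry, block names, UUIDs and function names are all hypothetical. It contrasts a lookup that ignores `disabled` with one that enforces it at a single resolver, and includes a regression check that lists any disabled block an executor will still run.

```python
from dataclasses import dataclass
from typing import Callable, Dict

@dataclass(frozen=True)
class Block:
    id: str
    name: str
    run: Callable[[dict], dict]
    disabled: bool = False

class BlockDisabledError(PermissionError):
    """Raised when a caller asks to execute a block flagged as disabled."""

# Constructed registry: UUIDs and block names are placeholders, not AutoGPT's.
REGISTRY: Dict[str, Block] = {
    b.id: b for b in (
        Block("11111111-1111-4111-8111-111111111111", "EchoBlock",
              lambda d: {"echo": d}),
        Block("22222222-2222-4222-8222-222222222222", "DisabledDemoBlock",
              lambda d: {"ran": True}, disabled=True),
    )
}

def execute_block_unchecked(block_id: str, data: dict) -> dict:
    """Flawed pattern: resolves by UUID and runs, never reading `disabled`."""
    block = REGISTRY[block_id]  # KeyError for unknown UUIDs
    return block.run(data)

def resolve_executable_block(block_id: str) -> Block:
    """Single choke point every endpoint calls before running a block."""
    block = REGISTRY[block_id]  # KeyError for unknown UUIDs
    if block.disabled:
        raise BlockDisabledError(f"block {block.name} is disabled")
    return block

def execute_block_checked(block_id: str, data: dict) -> dict:
    """Hardened pattern: execution is only reachable through the resolver."""
    return resolve_executable_block(block_id).run(data)

def reachable_disabled_blocks(executor) -> list:
    """Regression check: names of disabled blocks the executor still runs."""
    leaked = []
    for block in (b for b in REGISTRY.values() if b.disabled):
        try:
            executor(block.id, {})
            leaked.append(block.name)
        except BlockDisabledError:
            pass
    return leaked
```

Running `reachable_disabled_blocks` against every execution path (web API and external API handlers alike) in a test suite catches a new endpoint that bypasses the resolver.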
Potential Impact
For European organizations, this vulnerability poses a significant risk if they deploy vulnerable versions of AutoGPT, especially in self-hosted environments with open signup. Successful exploitation allows attackers to execute arbitrary code on the server, potentially leading to full system compromise, data theft, manipulation of AI workflows, disruption of business processes, and lateral movement within networks. Confidentiality is at risk due to unauthorized data access; integrity is compromised by arbitrary code execution; availability can be impacted by destructive payloads or denial-of-service conditions. Organizations relying on AutoGPT for critical automation or AI-driven decision-making could face operational outages or reputational damage. The ease of exploitation in self-hosted setups with enabled signup increases the threat surface. Even hosted environments are at risk if attackers gain legitimate credentials. The lack of known exploits currently provides a window for proactive mitigation before widespread attacks occur.
Mitigation Recommendations
European organizations should immediately upgrade all AutoGPT deployments to version 0.6.44 or later to apply the official patch that enforces proper authorization checks. For self-hosted instances, disable Supabase signup or restrict it to trusted users only to prevent unauthorized registrations. Implement strict access controls and monitor authentication logs for suspicious activity. Employ network segmentation to isolate AutoGPT servers from critical infrastructure. Use runtime application self-protection (RASP) or endpoint detection and response (EDR) tools to detect anomalous code execution behaviors. Regularly audit AI workflow configurations and disable any unnecessary or potentially dangerous blocks. Conduct penetration testing focusing on API endpoints to verify authorization enforcement. Maintain up-to-date backups and incident response plans tailored for AI platform compromises. Finally, educate developers and administrators about secure deployment practices for AI automation platforms.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-26T21:06:47.869Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 697b9f9cac06320222a8a3d2
Added to database: 1/29/2026, 5:57:48 PM
Last enriched: 1/29/2026, 6:12:08 PM
Last updated: 2/7/2026, 12:04:23 PM