CVE-2026-30950: CWE-862: Missing Authorization in Significant-Gravitas AutoGPT
AutoGPT versions 0. 6. 36 through 0. 6. 50 contain a missing authorization vulnerability in the PATCH /sessions/{session_id}/assign-user endpoint. Authenticated attackers who know another user's session_id can hijack that session by reassigning it to themselves, allowing them to read messages and lock out the legitimate user. This occurs because the service authenticates the caller but does not verify session ownership, treating user_id=None as a privileged call that bypasses ownership checks. The vulnerability is fixed in version 0. 6. 51.
AI Analysis
Technical Summary
CVE-2026-30950 is a missing authorization vulnerability (CWE-862) in Significant-Gravitas AutoGPT, affecting versions 0.6.36 through 0.6.50. The PATCH /sessions/{session_id}/assign-user endpoint authenticates users but fails to verify that the caller owns the session being reassigned. The service layer passes user_id=None to the data access layer, which interprets this as a privileged call, bypassing ownership filters. This allows any authenticated user who can determine another user's session_id to hijack that session, read its messages, and lock out the legitimate user. The issue is resolved in version 0.6.51.
Potential Impact
An authenticated attacker can hijack another user's session by exploiting an Insecure Direct Object Reference (IDOR) vulnerability, gaining unauthorized access to session messages and disrupting the legitimate user's access by locking them out. This compromises confidentiality and availability of session data. The CVSS 3.1 base score is 7.1 (high), reflecting network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, high confidentiality impact, no integrity impact, and low availability impact.
Mitigation Recommendations
Upgrade AutoGPT to version 0.6.51 or later, where the vulnerability has been patched. This update enforces proper session ownership verification in the PATCH /sessions/{session_id}/assign-user endpoint, preventing unauthorized session reassignment. No additional mitigations are indicated by the vendor advisory.
CVE-2026-30950: CWE-862: Missing Authorization in Significant-Gravitas AutoGPT
Description
AutoGPT versions 0. 6. 36 through 0. 6. 50 contain a missing authorization vulnerability in the PATCH /sessions/{session_id}/assign-user endpoint. Authenticated attackers who know another user's session_id can hijack that session by reassigning it to themselves, allowing them to read messages and lock out the legitimate user. This occurs because the service authenticates the caller but does not verify session ownership, treating user_id=None as a privileged call that bypasses ownership checks. The vulnerability is fixed in version 0. 6. 51.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-30950 is a missing authorization vulnerability (CWE-862) in Significant-Gravitas AutoGPT, affecting versions 0.6.36 through 0.6.50. The PATCH /sessions/{session_id}/assign-user endpoint authenticates users but fails to verify that the caller owns the session being reassigned. The service layer passes user_id=None to the data access layer, which interprets this as a privileged call, bypassing ownership filters. This allows any authenticated user who can determine another user's session_id to hijack that session, read its messages, and lock out the legitimate user. The issue is resolved in version 0.6.51.
Potential Impact
An authenticated attacker can hijack another user's session by exploiting an Insecure Direct Object Reference (IDOR) vulnerability, gaining unauthorized access to session messages and disrupting the legitimate user's access by locking them out. This compromises confidentiality and availability of session data. The CVSS 3.1 base score is 7.1 (high), reflecting network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, high confidentiality impact, no integrity impact, and low availability impact.
Mitigation Recommendations
Upgrade AutoGPT to version 0.6.51 or later, where the vulnerability has been patched. This update enforces proper session ownership verification in the PATCH /sessions/{session_id}/assign-user endpoint, preventing unauthorized session reassignment. No additional mitigations are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-07T17:34:39.980Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0b9477ec166c07b0044100
Added to database: 5/18/2026, 10:36:39 PM
Last enriched: 5/18/2026, 10:51:36 PM
Last updated: 5/19/2026, 1:14:45 AM
Views: 16
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.