CVE-2026-33232: CWE-459: Incomplete Cleanup in Significant-Gravitas AutoGPT
AutoGPT versions 0. 4. 2 through 0. 6. 51 contain a vulnerability that allows unauthenticated attackers to cause a Denial of Service (DoS) by exhausting server disk space. The issue arises because the download_agent_file endpoint creates temporary files for each request but does not delete them afterward. This leads to uncontrolled disk space consumption, which can cause database or system service failures due to 'No space left on device' errors, rendering the backend unavailable. The vulnerability is fixed in version 0. 6. 52.
AI Analysis
Technical Summary
CVE-2026-33232 affects Significant-Gravitas AutoGPT versions 0.4.2 through 0.6.51. The vulnerability is an incomplete cleanup issue (CWE-459) where the download_agent_file endpoint generates persistent temporary files on each request but fails to remove them after serving. This flaw enables an unauthenticated attacker to repeatedly invoke the endpoint, causing disk space exhaustion (CWE-400) and resulting in Denial of Service (DoS) by disrupting database and system services (CWE-770). The vulnerability has a CVSS 3.1 score of 7.5 (high severity) and is resolved in version 0.6.52.
Potential Impact
An unauthenticated attacker can exploit this vulnerability to exhaust the server's disk space by repeatedly calling the affected endpoint. This leads to failures in the database and other system services due to lack of disk space, causing the AutoGPT backend to become unavailable to all users. There is no impact on confidentiality or integrity reported, only availability is affected.
Mitigation Recommendations
A patch is available in AutoGPT version 0.6.52 that addresses this vulnerability by ensuring proper cleanup of temporary files. Users should upgrade to version 0.6.52 or later to remediate this issue. Since this is not a cloud service, remediation depends on applying this update. No other vendor advisory or temporary fixes are provided.
CVE-2026-33232: CWE-459: Incomplete Cleanup in Significant-Gravitas AutoGPT
Description
AutoGPT versions 0. 4. 2 through 0. 6. 51 contain a vulnerability that allows unauthenticated attackers to cause a Denial of Service (DoS) by exhausting server disk space. The issue arises because the download_agent_file endpoint creates temporary files for each request but does not delete them afterward. This leads to uncontrolled disk space consumption, which can cause database or system service failures due to 'No space left on device' errors, rendering the backend unavailable. The vulnerability is fixed in version 0. 6. 52.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-33232 affects Significant-Gravitas AutoGPT versions 0.4.2 through 0.6.51. The vulnerability is an incomplete cleanup issue (CWE-459) where the download_agent_file endpoint generates persistent temporary files on each request but fails to remove them after serving. This flaw enables an unauthenticated attacker to repeatedly invoke the endpoint, causing disk space exhaustion (CWE-400) and resulting in Denial of Service (DoS) by disrupting database and system services (CWE-770). The vulnerability has a CVSS 3.1 score of 7.5 (high severity) and is resolved in version 0.6.52.
Potential Impact
An unauthenticated attacker can exploit this vulnerability to exhaust the server's disk space by repeatedly calling the affected endpoint. This leads to failures in the database and other system services due to lack of disk space, causing the AutoGPT backend to become unavailable to all users. There is no impact on confidentiality or integrity reported, only availability is affected.
Mitigation Recommendations
A patch is available in AutoGPT version 0.6.52 that addresses this vulnerability by ensuring proper cleanup of temporary files. Users should upgrade to version 0.6.52 or later to remediate this issue. Since this is not a cloud service, remediation depends on applying this update. No other vendor advisory or temporary fixes are provided.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-18T02:42:27.507Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0bbb23ec166c07b029a35e
Added to database: 5/19/2026, 1:21:39 AM
Last enriched: 5/19/2026, 1:36:43 AM
Last updated: 5/19/2026, 3:41:05 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.