CVE-2026-33233: CWE-502: Deserialization of Untrusted Data in Significant-Gravitas AutoGPT
AutoGPT versions 0.6.34 through 0.6.51 contain a deserialization vulnerability where Redis cache data is deserialized using pickle.loads without integrity or authenticity checks. This allows an attacker who can poison a shared Redis cache key to execute arbitrary commands in the backend container, impacting confidentiality, integrity, and availability. The issue is fixed in version 0.6.52.
AI Analysis
Technical Summary
The Significant-Gravitas AutoGPT platform versions 0.6.34 to 0.6.51 deserialize Redis cache bytes using Python's pickle.loads without verifying data integrity or authenticity. The backend serializes data with pickle.dumps into Redis and blindly deserializes it on read, lacking HMAC, signatures, or strict schema validation. This unsafe deserialization (CWE-502) enables an attacker with the ability to poison Redis cache keys to execute arbitrary code within the backend container context, compromising confidentiality, integrity, and availability. The vulnerability is tracked as CVE-2026-33233 and has a CVSS 3.1 score of 7.6 (high severity). It is fixed in AutoGPT version 0.6.52.
Potential Impact
Successful exploitation allows arbitrary command execution in the backend container, leading to full compromise of confidentiality, integrity, and availability of the affected system. This can result in unauthorized access, data manipulation, and service disruption.
Mitigation Recommendations
Upgrade AutoGPT to version 0.6.52 or later, where this deserialization vulnerability has been fixed. Until then, restrict access to the Redis cache to trusted entities only to prevent cache poisoning. The fix is confirmed in version 0.6.52.
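An added example, not AutoGPT's code and not its 0.6.52 patch: one way to supply the integrity check the summary says is missing, by storing JSON instead of pickle and authenticating each entry with HMAC-SHA256 before it is parsed. The function names, the in-memory dict standing in for Redis, and the assumption that the HMAC key is held outside Redis are all hypothetical.

```python
import hashlib
import hmac
import json

# Hypothetical helper names; a plain dict stands in for the shared Redis cache.
TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class CacheIntegrityError(Exception):
    """Raised when a cache entry is too short or fails authentication."""


def _mac(key: bytes, cache_key: str, body: bytes) -> bytes:
    # Length-prefix the cache key so a valid entry cannot be replayed under another key.
    name = cache_key.encode()
    msg = len(name).to_bytes(4, "big") + name + body
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal(key: bytes, cache_key: str, value) -> bytes:
    """Serialize value as JSON (data only, no code paths) and prepend the tag."""
    body = json.dumps(value, separators=(",", ":"), sort_keys=True).encode()
    return _mac(key, cache_key, body) + body


def unseal(key: bytes, cache_key: str, blob: bytes):
    """Verify the tag first; bytes are parsed only after they authenticate."""
    if len(blob) < TAG_LEN:
        raise CacheIntegrityError("entry too short")
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(key, cache_key, body)):
        raise CacheIntegrityError("HMAC mismatch")
    return json.loads(body)


def cached_get(store: dict, key: bytes, cache_key: str):
    """Treat any unauthenticated entry as a cache miss and evict it."""
    blob = store.get(cache_key)
    if blob is None:
        return None
    try:
        return unseal(key, cache_key, blob)
    except CacheIntegrityError:
        store.pop(cache_key, None)
        return None
```

A rejected entry is also worth logging, since an HMAC mismatch on a shared cache means something other than the backend wrote to that key.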
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-18T02:42:27.507Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a0bbb23ec166c07b029a362
Added to database: 5/19/2026, 1:21:39 AM
Last enriched: 5/19/2026, 1:36:35 AM
Last updated: 5/19/2026, 3:39:11 AM