CVE-2024-9439
📋 TL;DR
SuperAGI's latest version contains a critical remote code execution vulnerability in the agent template update API. Attackers can inject malicious code through unsanitized parameters that get executed via eval(), potentially compromising the entire system. All users running vulnerable SuperAGI instances are affected.
💻 Affected Systems
- SuperAGI
📦 What is this software?
Superagi by Superagi
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing attackers to execute arbitrary commands, steal sensitive data, install malware, pivot to other systems, and maintain persistent access.
Likely Case
Remote code execution leading to data exfiltration, service disruption, and installation of backdoors or cryptocurrency miners.
If Mitigated
Limited impact with proper network segmentation, minimal privileges, and monitoring detecting exploitation attempts.
🎯 Exploit Status
Exploitation requires API access, but the vulnerability sits in a core function with a clear attack vector.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SuperAGI repository for latest patched version
Vendor Advisory: https://huntr.com/bounties/d710884f-b5ab-4b31-a2e6-e4b38488def1
Restart Required: No
Instructions:
1. Update SuperAGI to the latest patched version from the official repository.
2. Verify that the eval() function is no longer used with unsanitized user input in the agent template update API.
🔧 Temporary Workarounds
Disable vulnerable API endpoint
Temporarily disable or block access to the agent template update API endpoint
# Configure firewall/WAF to block requests to /api/agent-template-update or similar endpoint
Input validation middleware
Implement strict input validation for all API parameters
# Add input sanitization before eval() calls in code
🧯 If You Can't Patch
- Implement strict network segmentation to isolate SuperAGI instances
- Deploy WAF with RCE protection rules and monitor for exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Review code for eval() usage with unsanitized user input in agent template update functionality
Check Version:
Check SuperAGI version in configuration or via package manager
Verify Fix Applied:
Test that eval() is either removed or properly sanitized in the patched version
📡 Detection & Monitoring
Log Indicators:
- Unusual API calls to agent template update endpoint
- Suspicious command execution in logs
- Error messages containing eval() failures
Network Indicators:
- Unusual outbound connections from SuperAGI host
- Traffic patterns suggesting data exfiltration
SIEM Query:
source="superagi" AND (api_endpoint="*agent-template-update*" OR message="*eval*" OR message="*RCE*")
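The SIEM query above, implemented over constructed JSON log records as an added example (not code from the advisory or from the SuperAGI project). The field names `source`, `api_endpoint` and `message` and the JSON-lines log format are assumptions chosen to mirror the query; adapt them to the log schema your deployment actually emits.

```python
import fnmatch
import json

# Constructed sample log records (not real SuperAGI logs). The field names
# mirror the advisory's SIEM query; the format is an assumption.
SAMPLE_LOGS = [
    '{"source": "superagi", "api_endpoint": "/api/agent-template-update", "message": "template updated"}',
    '{"source": "superagi", "api_endpoint": "/api/agents", "message": "eval() failed: SyntaxError"}',
    '{"source": "superagi", "api_endpoint": "/api/agents", "message": "agent started"}',
    '{"source": "nginx", "api_endpoint": "/api/agent-template-update", "message": "200 OK"}',
    'not json at all',
]


def matches_rce_query(record):
    """Apply the advisory's query to one parsed record:
    source="superagi" AND (api_endpoint="*agent-template-update*"
                           OR message="*eval*" OR message="*RCE*")
    The "*" wildcards are evaluated with the same glob semantics as the query."""
    if record.get("source") != "superagi":
        return False
    endpoint = record.get("api_endpoint", "")
    message = record.get("message", "")
    return (fnmatch.fnmatchcase(endpoint, "*agent-template-update*")
            or fnmatch.fnmatchcase(message, "*eval*")
            or fnmatch.fnmatchcase(message, "*RCE*"))


def scan_logs(lines):
    """Parse JSON-lines log input and return (matching_records, unparsed_count).
    Unparseable lines are counted rather than dropped silently, so a log
    format change does not make the detection go quiet unnoticed."""
    alerts, unparsed = [], 0
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            unparsed += 1
            continue
        if matches_rce_query(record):
            alerts.append(record)
    return alerts, unparsed


if __name__ == "__main__":
    hits, bad = scan_logs(SAMPLE_LOGS)
    print(f"{len(hits)} matching record(s), {bad} unparseable line(s)")
    for hit in hits:
        print(hit)
```

Note that the `message="*eval*"` clause also matches unrelated words such as "evaluation", so expect to tune it against your own log volume before paging on it.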