CVE-2026-26020 – This vulnerability allows authenticated users o... (How to Fix)

Q: What is the severity of CVE-2026-26020?

CVE-2026-26020 has a CVSS score of 8.8 (HIGH). This vulnerability allows authenticated users of AutoGPT to execute arbitrary code on the backend server by bypassing disabled block restrictions. Attackers can embed the BlockInstallationBlock in a graph despite its disabled flag, leading to remote code execution. All AutoGPT instances running versions before 0.6.48 with authenticated users are affected.

📋 TL;DR

This vulnerability allows authenticated users of AutoGPT to execute arbitrary code on the backend server by bypassing disabled block restrictions. Attackers can embed the BlockInstallationBlock in a graph despite its disabled flag, leading to remote code execution. All AutoGPT instances running versions before 0.6.48 with authenticated users are affected.

💻 Affected Systems

Products:

AutoGPT

Versions: All versions prior to 0.6.48

Operating Systems: All platforms running AutoGPT

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated user access; the vulnerability exists in the graph validation logic.

📦 What is this software?

Autogpt Platform by Agpt

View all CVEs affecting Autogpt Platform →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the AutoGPT backend server, allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠

Likely Case

Authenticated users (including malicious insiders or compromised accounts) gain unauthorized code execution capabilities, potentially leading to data exfiltration or system manipulation.

🟢

If Mitigated

With proper authentication controls and network segmentation, impact is limited to the AutoGPT application server only.

🌐 Internet-Facing: HIGH if AutoGPT is exposed to the internet with authenticated user access.

🏢 Internal Only: MEDIUM as it requires authenticated access but could be exploited by malicious insiders or compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires understanding of AutoGPT's graph structure and authenticated access; the advisory provides technical details but no public exploit code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.6.48

Vendor Advisory: https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-4crw-9p35-9x54

Restart Required: No

Instructions:

1. Update AutoGPT to version 0.6.48 or later. 2. Use pip: 'pip install --upgrade autogpt-platform==0.6.48'. 3. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable graph creation/modification

all

Temporarily restrict users from creating or modifying graphs to prevent exploitation.

Enhanced authentication monitoring

all

Implement strict authentication controls and monitor for unusual graph creation activities.

🧯 If You Can't Patch

Restrict user permissions to only trusted administrators
Implement network segmentation to isolate AutoGPT from critical systems

🔍 How to Verify

Check if Vulnerable:

Check if AutoGPT version is below 0.6.48 and if users can create/modify graphs.

Check Version:

python -c "import autogpt; print(autogpt.__version__)" or check package manager

Verify Fix Applied:

Confirm AutoGPT version is 0.6.48 or higher and test that disabled blocks cannot be embedded in graphs.

📡 Detection & Monitoring

Log Indicators:

Unusual graph creation/modification events
Execution of BlockInstallationBlock in logs
Authentication logs showing unexpected user activity

Network Indicators:

Unusual outbound connections from AutoGPT server
Unexpected process execution patterns

SIEM Query:

source="autogpt" AND (event="graph_creation" OR event="block_execution") | stats count by user

📊 Metadata

CVE ID: CVE-2026-26020

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-285

EPSS Score: 0.08% exploit probability (22.7th percentile)

Published: February 12, 2026

Last Updated: February 17, 2026

🔗 References

https://github.com/Significant-Gravitas/AutoGPT/commit/062fe1aa709217136b896c8b950e0f04435afb32 Patch
https://github.com/Significant-Gravitas/AutoGPT/releases/tag/autogpt-platform-beta-v0.6.48 Release Notes
https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-4crw-9p35-9x54 Vendor Advisory,Mitigation

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-26020, you might also want to check these: