Superagi


By the Year

In 2026 there have been 10 vulnerabilities published for Superagi, with an average CVSS base score of 6.23 out of 10. In 2025, 11 Superagi vulnerabilities were published. At the current rate, the 2026 count is likely to surpass last year's. The 2025 average base score (9.80) was 3.57 higher, but it rests on a single scored entry (CVE-2025-6280, 9.8); the other ten 2025 advisories in this listing carry no base score, so the year-over-year comparison of averages says very little.

Year   Vulnerabilities   Average Score
2026   10                6.23
2025   11                9.80
2024   0                 0.00
2023   1                 7.50

It may take a day or so for new Superagi vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Superagi Security Vulnerabilities

SuperAGI <=0.0.14 SSRF via WebScraperTool
CVE-2026-6616 6.3 - Medium - April 20, 2026

TransformerOptimus SuperAGI up to and including 0.0.14 is affected by server-side request forgery in the WebScraperTool component. The functions extract_with_bs4, extract_with_3k and extract_with_lxml in superagi/helper/webpage_extractor.py fetch the page they are asked to extract without restricting the destination, so a remote attacker can have the server issue requests on their behalf. A public exploit exists. The vendor was contacted early about this disclosure but did not respond.

SSRF
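The check a web-scraper tool should run on a URL before fetching it, as an added example that is not SuperAGI's code: the scheme is restricted, embedded credentials are refused, the hostname is resolved, and every resulting address (including IPv4-mapped IPv6 forms) must be globally routable. The resolver is passed in so the function can be exercised offline; the DNS table and the helper names are constructed for this illustration.

```python
import ipaddress
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def _is_public(ip) -> bool:
    """Globally routable unicast only: rejects loopback, RFC 1918, link-local
    (169.254.0.0/16 is where cloud metadata services live), CGNAT, multicast."""
    return ip.is_global and not ip.is_multicast


def check_scrape_target(url: str, resolve) -> str:
    """Validate a scrape target and return the address that passed.

    resolve(host) -> list of IP strings. In production wrap socket.getaddrinfo;
    the usage check below injects a constructed table instead.
    """
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials embedded in URL")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        # Literal address: no DNS lookup, but it still has to pass the range check.
        addresses = [ipaddress.ip_address(host)]
    except ValueError:
        addresses = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addresses:
        raise ValueError(f"{host!r} does not resolve")
    for ip in addresses:
        # ::ffff:127.0.0.1 is loopback in disguise; check the embedded IPv4.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if not _is_public(ip):
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
    # Every address passed. Connect to this one rather than re-resolving,
    # otherwise a short-TTL record can be swapped between check and fetch.
    return str(addresses[0])


def is_rejected(url: str, resolve) -> bool:
    """Convenience wrapper for the usage check."""
    try:
        check_scrape_target(url, resolve)
    except ValueError:
        return True
    return False


# Constructed DNS table for offline use; no real lookups are performed.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "split.test": ["93.184.216.34", "10.0.0.5"],   # one public and one private record
}


def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host, [])
```

The returned address is meant to be pinned for the actual connection (for example by connecting to the IP and sending the original Host header); validating and then letting the HTTP client re-resolve reopens the DNS-rebinding window. Redirects need the same check on every hop.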

Remote Path Traversal in SuperAGI <=0.0.14 Multipart Upload via Name
CVE-2026-6615 7.3 - High - April 20, 2026

TransformerOptimus SuperAGI up to and including 0.0.14 is affected by path traversal in the Multipart Upload Handler component. The Upload function in superagi/controllers/resources.py builds a filesystem path from the Name argument of the multipart request without sanitising it, so a remote attacker can write outside the intended directory. A public exploit exists. The vendor was contacted early about this disclosure but did not respond.

Directory traversal

Auth Bypass in SuperAGI <=0.0.14 Project Endpoints (get_project and others)
CVE-2026-6614 6.3 - Medium - April 20, 2026

TransformerOptimus SuperAGI up to and including 0.0.14 is affected by an authorization bypass in the functions get_project, update_project and get_projects_organisation of superagi/controllers/project.py: the handlers do not verify that the caller is entitled to the project or organisation they reference, so a remote attacker can read or modify projects belonging to others. A public exploit exists. The vendor was contacted early about this disclosure but did not respond.

Insecure Direct Object Reference / IDOR

SuperAGI 0.0.14 Auth Bypass via agent_id in agent.py
CVE-2026-6613 6.3 - Medium - April 20, 2026

TransformerOptimus SuperAGI up to and including 0.0.14 is affected by an authorization bypass in the functions delete_agent, stop_schedule and get_schedule_data of superagi/controllers/agent.py: the agent_id argument is used to look up the agent without checking that the caller owns it, so a remote attacker can delete agents, stop their schedules and read schedule data that belong to other users. A public exploit exists. The vendor was contacted early about this disclosure but did not respond.

Insecure Direct Object Reference / IDOR

Auth Bypass in SuperAGI <=0.0.14 Agent Exec Endpoint
CVE-2026-6612 6.3 - Medium - April 20, 2026

TransformerOptimus SuperAGI up to and including 0.0.14 is affected by an authorization bypass in the Agent Execution Endpoint component: get_agent_execution and update_agent_execution in superagi/controllers/agent_execution.py act on the agent_execution_id argument without verifying that the caller is authorized for that execution. The attack can be carried out remotely. A public exploit exists. The vendor was contacted early about this disclosure but did not respond.

Insecure Direct Object Reference / IDOR

TransformerOptimus SuperAGI 0.0.14 Auth Bypass via Budget Endpoint
CVE-2026-6586 6.3 - Medium - April 19, 2026

TransformerOptimus SuperAGI up to and including 0.0.14 is affected by an authorization bypass in the Budget Endpoint component: get_budget and update_budget in superagi/controllers/budget.py do not verify that the caller is authorized for the budget they reference, so it can be read or changed remotely. A public exploit exists. The vendor was contacted early about this disclosure but did not respond.

Insecure Direct Object Reference / IDOR

SuperAGI 0.0.14 Org Update Auth Bypass
CVE-2026-6585 5.4 - Medium - April 19, 2026

TransformerOptimus SuperAGI up to and including 0.0.14 is affected by an authorization bypass in the Organisation Update Endpoint component: update_organisation in superagi/controllers/organisation.py trusts the organisation_id argument without checking the caller's membership, so a remote attacker can modify another organisation. A public exploit exists. The vendor was contacted early about this disclosure but did not respond.

Insecure Direct Object Reference / IDOR

SuperAGI 0.0.14 User Update Auth Bypass
CVE-2026-6584 5.4 - Medium - April 19, 2026

TransformerOptimus SuperAGI up to and including 0.0.14 is affected by an authorization bypass in the User Update Endpoint component: update_user in superagi/controllers/user.py trusts the user_id argument without checking that it matches the authenticated caller, so a remote attacker can modify another user's record. A public exploit exists. The vendor was contacted early about this disclosure but did not respond.

Insecure Direct Object Reference / IDOR

TransformerOptimus SuperAGI <=0.0.14 API Key Management Auth Bypass
CVE-2026-6583 5.4 - Medium - April 19, 2026

TransformerOptimus SuperAGI up to and including 0.0.14 is affected by an authorization bypass in the API Key Management Endpoint component: delete_api_key and edit_api_key in superagi/controllers/api_key.py do not verify that the key being edited or deleted belongs to the caller. The attack can be carried out remotely. A public exploit exists. The vendor was contacted early about this disclosure but did not respond.

Insecure Direct Object Reference / IDOR

TransformerOptimus SuperAGI <=0.0.14 VectorDB Auth Bypass
CVE-2026-6582 7.3 - High - April 19, 2026

TransformerOptimus SuperAGI up to and including 0.0.14 is affected by missing authentication in the Vector Database Management Endpoint component: get_vector_db_details in superagi/controllers/vector_dbs.py can be called remotely without authenticating. A public exploit exists. The vendor was contacted early about this disclosure but did not respond.

Missing Authentication for Critical Function

Python RCE via eval in TransformerOptimus SuperAGI 0.0.14 AgentTemplate
CVE-2025-51472 - July 22, 2025

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval() without validation during template loading or updates.

SuperAGI 0.0.14 Arbitrary File Overwrite (AFO) via Unsanitized Upload Filename
CVE-2025-51475 - July 22, 2025

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join() and lack of path validation in get_root_input_dir().

SuperAGI 0.0.14 EmailToolKit Path Traversal via download_attachment
CVE-2025-6280 9.8 - Critical - June 19, 2025

A path traversal vulnerability rated critical exists in TransformerOptimus SuperAGI up to and including 0.0.14. The download_attachment function in SuperAGI/superagi/helper/read_email.py (EmailToolKit component) uses the filename argument to build the path an email attachment is written to without sanitising it. A public exploit exists.

Directory traversal

SuperAGI 0.0.14 API exposes password plaintext via /api/users/get/{id}
CVE-2024-9418 - March 20, 2025

In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.

Unprotected Storage of Credentials

TransformerOptimus SuperAGI 0.0.14: Path Traversal in File Upload
CVE-2024-9415 - March 20, 2025

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the server.

Directory traversal
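The file-path pattern the four traversal advisories above describe (CVE-2026-6615, CVE-2025-51475, CVE-2025-6280 and CVE-2024-9415), beside a hardened form, as an added example that is not SuperAGI's code. join_unsafe reproduces the vulnerable shape, a caller-supplied name handed straight to os.path.join; safe_upload_path is the replacement. The root directory is a constructed placeholder.

```python
import os

# Constructed root; stands in for the application's per-user input directory.
ROOT = "/srv/superagi/workspace/input"


def join_unsafe(root: str, filename: str) -> str:
    """The vulnerable shape: os.path.join with an unsanitised name.
    '..' components walk out of root, and an absolute name discards root
    entirely (os.path.join('/a', '/etc/passwd') == '/etc/passwd')."""
    return os.path.normpath(os.path.join(root, filename))


def safe_upload_path(root: str, filename: str) -> str:
    """Return an absolute path directly under root for a single file name,
    or raise ValueError. Separators, dot-only names, NUL and empty names are
    refused rather than silently stripped, and the result is re-checked after
    symlink resolution so a symlink inside root cannot point elsewhere."""
    if not filename or "\x00" in filename:
        raise ValueError("empty or NUL-containing filename")
    if "/" in filename or "\\" in filename:   # a Windows client may send 'a\\..\\b'
        raise ValueError(f"separators not allowed in filename: {filename!r}")
    if filename.strip(".") == "":               # '.', '..', '...'
        raise ValueError(f"dot-only filename: {filename!r}")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, filename))
    # commonpath is the containment test; a plain startswith() would accept
    # '/srv/superagi/workspace/input_old/x' for root '/srv/superagi/workspace/input'.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes root: {filename!r}")
    return candidate


def is_rejected(root: str, filename: str) -> bool:
    """Convenience wrapper for the usage check."""
    try:
        safe_upload_path(root, filename)
    except ValueError:
        return True
    return False
```

When an endpoint legitimately needs sub-directories, keep the realpath plus commonpath containment check and drop only the separator rule; the containment check is the part that must survive.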

SuperAGI v0.0.14 Improper Privilege Management Enables Account Takeover
CVE-2024-9431 - March 20, 2025

In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover.

Unverified Password Change

Info Disclosure via /get/organisation in SuperAGI
CVE-2024-9447 - March 20, 2025

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any organization. This could lead to unauthorized access to services and significant data breaches or financial loss.

Exposure of Sensitive Information Through Metadata

Info Disclosure in SuperAGI Registration Endpoint
CVE-2024-10267 - March 20, 2025

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. The vulnerable endpoint is located in the user registration functionality.

Privacy violation
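What the two credential-exposure entries (CVE-2024-9418 and CVE-2024-10267) and the Unprotected Storage of Credentials tag call for, as an added example that is not SuperAGI's code: passwords are stored only as salted PBKDF2 hashes, handlers serialise a public view that has no password field at all, and a duplicate registration is answered with a bare conflict error instead of the existing record. The in-memory user table, record shapes and function names are constructed for this illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, asdict

PBKDF2_ITERATIONS = 600_000   # current OWASP guidance for PBKDF2-HMAC-SHA256


@dataclass(frozen=True)
class UserRecord:
    """Storage shape: the password survives only as salt + hash."""
    id: int
    name: str
    email: str
    organisation_id: int
    salt: bytes
    password_hash: bytes


@dataclass(frozen=True)
class UserPublic:
    """The only shape a handler may serialise. Adding a field here is a
    deliberate decision; salt and password_hash cannot leak by accident."""
    id: int
    name: str


class Conflict(Exception):
    pass


def hash_password(password: str, salt: bytes = b"") -> tuple:
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(record: UserRecord, password: str) -> bool:
    _, digest = hash_password(password, record.salt)
    return hmac.compare_digest(digest, record.password_hash)   # constant-time compare


def to_public(record: UserRecord) -> dict:
    return asdict(UserPublic(id=record.id, name=record.name))


def email_available(users: dict, email: str) -> bool:
    return not any(u.email.lower() == email.lower() for u in users.values())


def register(users: dict, name: str, email: str, password: str, organisation_id: int) -> dict:
    """Registration handler over a constructed in-memory table keyed by id."""
    if not email_available(users, email):
        # Say only that the address is taken. Echoing the existing record back
        # is exactly the leak CVE-2024-10267 describes.
        raise Conflict("email already registered")
    salt, digest = hash_password(password)
    record = UserRecord(id=len(users) + 1, name=name, email=email,
                        organisation_id=organisation_id, salt=salt, password_hash=digest)
    users[record.id] = record
    return to_public(record)


def get_user(users: dict, user_id: int) -> dict:
    """/get/{id}-style handler: returns the public view, never the record."""
    return to_public(users[user_id])
```

Whether the duplicate-email response should even distinguish "taken" from "accepted" is a separate enumeration question; the point here is that nothing from the stored record is returned.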

IDOR in Superagi v0.0.14: Unauthorized Access via /get/user/*
CVE-2024-12048 - March 20, 2025

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization. Affected endpoints include but are not limited to /get/project/{project_id}, /get/schedule_data/{agent_id}, /delete/{agent_id}, /get/organisation/{organisation_id}, and /get/user/{user_id}.

Insecure Direct Object Reference / IDOR
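The pattern behind the authorization-bypass entries on this page (CVE-2026-6612 to CVE-2026-6614, CVE-2026-6583 to CVE-2026-6586, CVE-2024-9431, CVE-2024-9447 and CVE-2024-12048): a handler receives an object ID in the path, loads the object, and never checks that the authenticated caller is entitled to it. The code below is an added example, not SuperAGI's; the principal, project and agent records and the function names are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """What the session or API-key layer has established about the caller."""
    user_id: int
    organisation_id: int


@dataclass(frozen=True)
class Project:
    id: int
    organisation_id: int


@dataclass(frozen=True)
class Agent:
    id: int
    project_id: int


class NotFound(Exception):
    pass


# Constructed records standing in for database rows.
PROJECTS = {1: Project(id=1, organisation_id=10), 2: Project(id=2, organisation_id=20)}
AGENTS = {100: Agent(id=100, project_id=1), 200: Agent(id=200, project_id=2)}


def get_agent_unchecked(agent_id: int) -> Agent:
    """The IDOR shape: authentication happened upstream, but the handler
    looks the object up by the caller-supplied ID and returns it as-is."""
    agent = AGENTS.get(agent_id)
    if agent is None:
        raise NotFound(agent_id)
    return agent


def get_agent_for(principal: Principal, agent_id: int) -> Agent:
    """Hardened: walk the ownership chain agent -> project -> organisation
    and compare it with the caller's organisation. 'Missing' and 'not yours'
    raise the same error so IDs cannot be enumerated via the response code."""
    agent = AGENTS.get(agent_id)
    project = PROJECTS.get(agent.project_id) if agent is not None else None
    if project is None or project.organisation_id != principal.organisation_id:
        raise NotFound(agent_id)
    return agent


def update_user_for(principal: Principal, user_id: int, changes: dict) -> dict:
    """Self-only resources (update_user, password change): the path ID must
    equal the authenticated identity. Simpler still is to drop the ID from
    the route and always act on principal.user_id."""
    if user_id != principal.user_id:
        raise NotFound(user_id)
    return {"user_id": user_id, **changes}


def can_access_agent(principal: Principal, agent_id: int) -> bool:
    try:
        get_agent_for(principal, agent_id)
    except NotFound:
        return False
    return True


def can_update_user(principal: Principal, user_id: int) -> bool:
    try:
        update_user_for(principal, user_id, {})
    except NotFound:
        return False
    return True
```

In a real code base the ownership walk belongs in one shared dependency that every ID-taking route goes through, so that a new endpoint cannot forget it; the advisories above are what happens when each handler repeats the lookup on its own.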

SuperAGI 0.0.14 Unauthenticated DoS via Boundary Tail in Multipart Upload
CVE-2024-9437 - March 20, 2025

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

Allocation of Resources Without Limits or Throttling
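A framing pre-check for the multipart condition described above, as an added example that is not SuperAGI's code: the boundary parameter is validated against the RFC 2046 grammar (1 to 70 characters, restricted alphabet, no trailing space), the body is size-capped, and every delimiter line must be exactly `--boundary` or the closing `--boundary--` (plus optional transport padding), so a delimiter with extra trailing dashes is refused before the real multipart parser sees it. The limits, the sample request body and the function names are constructed for this illustration.

```python
import re

# RFC 2046 section 5.1.1: boundary := 0*69<bchars> bcharsnospace
BOUNDARY_RE = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]{0,69}[0-9A-Za-z'()+_,\-./:=?]")
MAX_BODY_BYTES = 10 * 1024 * 1024   # constructed limit; size it to the uploads you expect


def boundary_from_content_type(content_type: str) -> str:
    """Extract and validate the boundary parameter, raising ValueError otherwise."""
    match = re.search(r'boundary="?([^";]*)"?', content_type)
    if match is None:
        raise ValueError("multipart Content-Type without boundary")
    boundary = match.group(1)
    if BOUNDARY_RE.fullmatch(boundary) is None:
        raise ValueError(f"boundary violates RFC 2046: {boundary[:80]!r}")
    return boundary


def boundary_ok(content_type: str) -> bool:
    try:
        boundary_from_content_type(content_type)
    except ValueError:
        return False
    return True


def check_multipart_framing(body: bytes, boundary: str, max_body: int = MAX_BODY_BYTES) -> int:
    """Return the number of parts, or raise ValueError if the framing is off.

    Only lines that begin with the delimiter are inspected, so binary part
    content is untouched; the body as a whole is capped instead of each line.
    """
    if len(body) > max_body:
        raise ValueError(f"body exceeds {max_body} bytes")
    delimiter = b"--" + boundary.encode("ascii")
    parts, closed = 0, False
    for line in body.split(b"\r\n"):
        if not line.startswith(delimiter):
            continue
        tail = line[len(delimiter):].rstrip(b" \t")   # transport-padding is allowed
        if tail == b"":
            if closed:
                raise ValueError("part after close delimiter")
            parts += 1
        elif tail == b"--":
            closed = True
        else:
            raise ValueError(f"malformed delimiter line: {line[:80]!r}")
    if parts == 0 or not closed:
        raise ValueError("no parts or missing close delimiter")
    return parts


def framing_ok(body: bytes, boundary: str) -> bool:
    try:
        check_multipart_framing(body, boundary)
    except ValueError:
        return False
    return True


# Constructed request body for the usage check.
BOUNDARY = "----constructedBoundary7MA4YWxk"
GOOD_BODY = (
    b"------constructedBoundary7MA4YWxk\r\n"
    b'Content-Disposition: form-data; name="file"; filename="notes.txt"\r\n'
    b"Content-Type: text/plain\r\n\r\n"
    b"hello\r\n"
    b"------constructedBoundary7MA4YWxk--\r\n"
)
```

This is a gate in front of the parser, not a replacement for fixing the parser's loop; it still has to be combined with a request timeout and, for unauthenticated routes, rate limiting, because a body right under the size cap can be sent repeatedly.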

SuperAGI RCE via Eval in Agent Template API
CVE-2024-9439 - March 20, 2025

SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise.

Code Injection
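What the two eval() advisories (CVE-2025-51472 and CVE-2024-9439) describe, beside a hardened parser, as an added example that is not SuperAGI's code. The field names follow the advisory text; the function names are placeholders for this illustration.

```python
import ast
import json


def eval_agent_config_unsafe(value: str):
    """The vulnerable shape: a stored template field (goal, constraints,
    instruction) is a string holding a serialised list, and eval() turns it
    back into a Python object. Any expression in the string runs with the
    server's privileges."""
    return eval(value)  # deliberately vulnerable, for illustration only


def parse_agent_config(value: str) -> list:
    """Hardened replacement: accept only a literal list of strings.

    json.loads handles the JSON form the API should be storing. For legacy
    rows that hold a Python repr ("['a', 'b']"), ast.literal_eval parses
    literals only: calls, attribute access, names and imports are errors,
    not code. The shape is then checked before the value is trusted.
    """
    try:
        parsed = json.loads(value)
    except ValueError:
        try:
            parsed = ast.literal_eval(value)
        except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
            raise ValueError(f"config field is not a literal list: {value[:60]!r}") from exc
    if not isinstance(parsed, list) or not all(isinstance(item, str) for item in parsed):
        raise ValueError("config field must be a list of strings")
    return parsed


def is_literal_config(value: str) -> bool:
    """True when parse_agent_config accepts the value."""
    try:
        parse_agent_config(value)
    except ValueError:
        return False
    return True
```

ast.literal_eval can still be driven into a RecursionError or MemoryError by deeply nested input, which is why it is caught here and why the legacy branch should go away once rows are migrated to JSON.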

SuperAGI v0.0.13 Hardcoded Encryption Key Info Disclosure
CVE-2023-48055 7.5 - High - November 16, 2023

SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications.

Use of Hard-coded Credentials
