Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or extending the time, and finally writing it to disk. However, there is no limit on the resources that can be allocated during execution. For example, the number of loops is user-controllable and unlimited. When a malicious attacker loops too many times, the generated video is too large, and after writing it to disk, the disk space is exhausted, eventually causing DoS. Version 0.6.63 patches the issue.
Published: 2026-06-18
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AutoGPT allows users to run the LoopVideoBlock on any video file, but the block imposes no limits on the number of loops or on the resulting file size. An attacker can supply a dramatic loop count, causing the system to generate an excessively large video and eventually exhaust disk space, which results in denial of service. The weakness corresponds to uncontrolled resource consumption (CWE-400).

Affected Systems

The affected product is Significant‑Gravitas AutoGPT. Any installation using AutoGPT version earlier than 0.6.63 is vulnerable; patching to version 0.6.63 or newer resolves the issue.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity. EPSS is not provided, and the vulnerability is not listed in the CISA KEV catalog, so current exploitation likelihood is uncertain. Based on the description, the likely attack vector involves a malicious user uploading a video with an excessively high loop count to the LoopVideoBlock, leading to disk exhaustion and service interruption.

Generated by OpenCVE AI on June 18, 2026 at 17:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade AutoGPT to version 0.6.63 or later.
  • Limit the maximum loop count accepted by the LoopVideoBlock to a safe value such as 5 or 10.
  • Enable monitoring of disk space usage and configure alerts to detect rapid depletion.

Generated by OpenCVE AI on June 18, 2026 at 17:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Significant-gravitas
Significant-gravitas autogpt
Vendors & Products Significant-gravitas
Significant-gravitas autogpt

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or extending the time, and finally writing it to disk. However, there is no limit on the resources that can be allocated during execution. For example, the number of loops is user-controllable and unlimited. When a malicious attacker loops too many times, the generated video is too large, and after writing it to disk, the disk space is exhausted, eventually causing DoS. Version 0.6.63 patches the issue.
Title AutoGPT has a DoS vulnerability in LoopVideoBlock
Weaknesses CWE-400
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Significant-gravitas Autogpt
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-18T17:34:25.595Z

Reserved: 2025-04-06T19:46:02.463Z

Link: CVE-2025-32392

cve-icon Vulnrichment

Updated: 2026-06-18T17:34:20.053Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T18:00:11Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption