Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `StepThroughItemsBlock` can iterate all the contents in a list and send them to `FileStoreBlock` for downloading one by one. Although `FileStoreBlock` has access time limits for downloading files, `StepThroughItemsBlock` can be used to slowly iterate and download relatively small files (e.g., 100M) multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `FileStoreBlock` does not limit the amount of disk space consumed in the current working directory. When a malicious user chooses to download too many videos, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.
Published: 2026-06-18
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in AutoGPT’s StepThroughItemsBlock allows an attacker to repeatedly iterate through a list of items and trigger FileStoreBlock to download each item individually, even when the files are small. Because StepThroughItemsBlock imposes no limit on the number of iterations and FileStoreBlock does not enforce a disk‑space quota, an attacker can repeatedly download large files until the working directory consumes all available disk capacity. This resource exhaustion leads to a denial of service where the system becomes unresponsive or crashes. The weakness is a classic CWE‑400 resource‑exhaustion flaw.

Affected Systems

All instances of Significant‑Gravitas AutoGPT versions earlier than 0.6.63 are affected. The vulnerability is present in the default installation and any user‑configured AutoGPT agent that includes StepThroughItemsBlock without constraints.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity vulnerability. No EPSS score is available, and the issue is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector likely involves an adversary being able to influence the AutoGPT workflow—either by crafting a malicious agent or by manipulating an existing workflow to create a loop of file downloads. Once the attacker can control the loop, the absence of a disk‑space quota allows the system to be depleted until exhaustion, resulting in a denial of service. Given the high severity and lack of mitigation, the threat level is serious.

Generated by OpenCVE AI on June 18, 2026 at 18:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade AutoGPT to version 0.6.63 or later, which patches the underlying loop and disk‑space exhaustion issue.
  • If upgrading is not immediately possible, remove or disable StepThroughItemsBlock from untrusted or user‑generated workflows to prevent repetitive iteration.
  • Configure the working directory with a disk‑space quota and set up monitoring to alert when consumption approaches capacity.

Generated by OpenCVE AI on June 18, 2026 at 18:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Significant-gravitas
Significant-gravitas autogpt
Vendors & Products Significant-gravitas
Significant-gravitas autogpt

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `StepThroughItemsBlock` can iterate all the contents in a list and send them to `FileStoreBlock` for downloading one by one. Although `FileStoreBlock` has access time limits for downloading files, `StepThroughItemsBlock` can be used to slowly iterate and download relatively small files (e.g., 100M) multiple times. `StepThroughItemsBlock` does not limit the number of loops. In addition, `FileStoreBlock` does not limit the amount of disk space consumed in the current working directory. When a malicious user chooses to download too many videos, the disk space will eventually run out, causing a DoS. Version 0.6.63 patches the issue.
Title AutoGPT has a DoS vulnerability in FileStoreBlock with StepThroughItemsBlock
Weaknesses CWE-400
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Significant-gravitas Autogpt
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-18T18:53:57.677Z

Reserved: 2025-04-08T10:54:58.366Z

Link: CVE-2025-32422

cve-icon Vulnrichment

Updated: 2026-06-18T18:52:28.750Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T18:30:15Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption