Impact
ScreenshotWebPageBlock stores captured screenshots in a temporary location without bounding disk usage. If StepThroughItemsBlock iterates this block repeatedly, the temporary directory can grow indefinitely, eventually exhausting available disk space. The result is a denial‑of‑service condition that can lock the entire AutoGPT instance or host system. This weakness is classified as CWE‑400, uncontrolled resource consumption.
Affected Systems
The flaw affects AutoGPT releases earlier than version 0.6.63 shipped by Significant‑Gravitas. Users running those versions on any operating system where AutoGPT writes to the working directory are vulnerable; updates after 0.6.63 contain the patch.
Risk and Exploitability
The CVSS score of 8.7 indicates high severity. Because there is no EPSS data, the likelihood of exploitation cannot be quantified, but the absence of a KEV listing suggests no publicly known exploits yet. The attack can be carried out by a user who can run AutoGPT scripts, so the attack vector is likely local or web‑based depending on the deployment context. Once triggered, the DoS can cause application and potentially host‑level unavailability.
OpenCVE Enrichment