Description
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, execution output is written to the console (stdout/stderr). When the platform is deployed in container mode, Docker automatically captures this output and stores it as "container logs". However, prior to 0.6.32, no limit is set on the log size when the container is deployed. When the number of user accesses is too large, the logs on the server disk grow too large, exhausting disk resources and eventually causing DoS. autogpt-platform-beta-v0.6.32 fixes the issue.
Published: 2026-05-13
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AutoGPT’s platform records execution output to console stdout/stderr and Docker captures this as container logs. Before version 0.6.32 the logging configuration imposes no limit on the accumulated log size. As a result, repeated or large user interactions can cause the log files to grow unchecked, exhausting the host disk and leading to a denial of service. The weakness is a resource exhaustion flaw classified as CWE-770.

Affected Systems

The affected product is Significant‑Gravitas AutoGPT, specifically any deployment of AutoGPT prior to the release of version 0.6.32. Upgrades to 0.6.32 or later incorporate log rotation limits that mitigate the vulnerability.

Risk and Exploitability

With a CVSS score of 5.1, the vulnerability is considered moderate. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation at this time. The likely attack vector is an attacker or an automated process that generates many requests or long‑running tasks, causing the logs to grow and consume disk space until the host becomes unavailable. Deployment in a containerized environment without any other protective controls makes this vulnerability straightforward to trigger.

Generated by OpenCVE AI on May 13, 2026 at 17:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to AutoGPT version 0.6.32 or later, which implements log rotation limits on container logs
  • If an upgrade cannot be performed immediately, configure Docker or the host to limit the overall disk usage for container logs or establish a monitoring alert for log volume growth
  • Apply general best practices for denial‑of‑service protection, such as rate‑limiting user requests and ensuring sufficient disk quota for container operations
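For the second action above, one way to find containers whose logs have no size limit is to audit `docker inspect` output. This is an added example, not code from AutoGPT or OpenCVE; the container names and the sample JSON are constructed, and it only checks the json-file driver's `max-size` and `max-file` options.

```python
import json

# Constructed sample shaped like `docker inspect <container>...` output.
# Container names are hypothetical, not AutoGPT's real service names.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/example-api",
     "HostConfig": {"LogConfig": {"Type": "json-file", "Config": {}}}},
    {"Name": "/example-worker",
     "HostConfig": {"LogConfig": {"Type": "json-file",
                                  "Config": {"max-size": "10m", "max-file": "3"}}}},
    {"Name": "/example-db",  # max-file alone does not bound anything
     "HostConfig": {"LogConfig": {"Type": "json-file",
                                  "Config": {"max-file": "5"}}}},
])

UNITS = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def parse_size(value):
    """Convert a size option such as '10m' to bytes; None if unset or -1 (unlimited)."""
    if value is None or value.strip() in ("", "-1"):
        return None
    v = value.strip().lower()
    if v.endswith("b"):          # tolerate '10mb'
        v = v[:-1]
    if v and v[-1] in UNITS:
        return int(float(v[:-1]) * UNITS[v[-1]])
    return int(v)


def audit(inspect_json):
    """Map container name -> worst-case log bytes on disk, or None if unbounded."""
    report = {}
    for c in json.loads(inspect_json):
        log = c.get("HostConfig", {}).get("LogConfig", {})
        if log.get("Type") != "json-file":
            continue             # other log drivers are outside this check
        opts = log.get("Config") or {}
        max_size = parse_size(opts.get("max-size"))
        # Rotation only happens when max-size is set; max-file defaults to 1.
        cap = None if max_size is None else max_size * int(opts.get("max-file", "1"))
        report[c["Name"].lstrip("/")] = cap
    return report


def unbounded(inspect_json):
    """Names of containers whose json-file logs can grow without limit."""
    return sorted(n for n, cap in audit(inspect_json).items() if cap is None)


if __name__ == "__main__":
    for name, cap in audit(SAMPLE_INSPECT).items():
        print(name, "UNBOUNDED" if cap is None else f"capped at {cap} bytes")
```

On a real host, feed it the JSON from `docker inspect $(docker ps -q)` instead of the sample.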



Advisories

No advisories yet.

History

Thu, 14 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 May 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Significant-gravitas
Significant-gravitas autogpt
Vendors & Products Significant-gravitas
Significant-gravitas autogpt

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console (stdout/stderr), and deployed in container mode, which is automatically captured by Docker and stored as "container logs". However, prior to 0.6.32, there is no limit on the log size when the container is deployed. When the number of user accesses is too large, the log on the server disk will be too large, causing disk resource exhaustion and eventually causing DoS. autogpt-platform-beta-v0.6.32 fixes the issue.
Title AutoGPT has missing Docker log rotation on platform containers that allows host disk-exhaustion DoS
Weaknesses CWE-770
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-14T13:54:52.127Z

Reserved: 2025-04-08T10:54:58.367Z

Link: CVE-2025-32425

Vulnrichment

Updated: 2026-05-14T13:54:45.786Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T16:16:35.297

Modified: 2026-05-13T16:32:31.457

Link: CVE-2025-32425

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T18:00:05Z

Weaknesses