Description
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting (XSS) vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter (`next`), which is passed to `router.push`. An attacker can craft a malicious link that, when opened by an authenticated user, performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential theft, internal network pivoting, and unauthorized actions performed on behalf of the victim. Version 0.6.62 patches the issue.
Published: 2026-06-18
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AutoGPT, a workflow automation platform, contains a DOM‑based XSS flaw in its signup page. The application passes the URL parameter `next` directly to router.push without validation, allowing an attacker to create a malicious link. When an authenticated user clicks the link, the browser executes arbitrary JavaScript in the user’s context, enabling credential theft, network pivoting, and unauthorized operations on behalf of the victim.

Affected Systems

The vulnerability affects the Significant‑Gravitas AutoGPT product, specifically all releases before 0.6.62. Users running earlier versions are at risk, while version 0.6.62 and later contain the fix.

Risk and Exploitability

The flaw carries a CVSS score of 8.8, categorising it as high severity. EPSS data are unavailable and the issue is not listed in the CISA KEV catalog. An attacker can exploit it by delivering a crafted URL to a logged‑in user, causing a client‑side redirect and script execution. Successful exploitation would allow the attacker to hijack the victim’s session and perform actions within the AutoGPT environment.

Generated by OpenCVE AI on June 18, 2026 at 19:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade AutoGPT to version 0.6.62 or later, which removes the untrusted `next` parameter handling and disables the open redirect.
  • Ensure any remaining URL parameters are validated and escaped before being used by the router, preventing future DOM‑based XSS attacks.
  • Deploy a strict Content‑Security‑Policy header that disallows inline scripts and restricts script sources to the trusted origin, reducing the impact of any residual XSS vectors.

Generated by OpenCVE AI on June 18, 2026 at 19:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Significant-gravitas
Significant-gravitas autogpt
Vendors & Products Significant-gravitas
Significant-gravitas autogpt

Thu, 18 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting (XSS) vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter (`next`), which is passed to `router.push`. An attacker can craft a malicious link that, when opened by an authenticated user, performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential theft, internal network pivoting, and unauthorized actions performed on behalf of the victim. Version 0.6.62 patches the issue.
Title AutoGPT SignUp Page has DOM-Based XSS and Open Redirect
Weaknesses CWE-601
CWE-87
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L'}


Subscriptions

Significant-gravitas Autogpt
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-18T17:32:37.275Z

Reserved: 2026-06-16T16:44:00.624Z

Link: CVE-2026-55237

cve-icon Vulnrichment

Updated: 2026-06-18T17:31:54.455Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T19:45:16Z

Weaknesses
  • CWE-601

    URL Redirection to Untrusted Site ('Open Redirect')

  • CWE-87

    Improper Neutralization of Alternate XSS Syntax