Impact
The vulnerability is an Insecure Direct Object Reference (IDOR) in the AutoGPT webhook ping endpoint. The route accepts a webhook_id and loads the matching record by primary key alone, without checking that the authenticated caller owns that webhook. Any authenticated user can therefore submit arbitrary webhook_ids to confirm whether a webhook exists, learn which OAuth provider it is tied to, and, in some cases, trigger a ping delivery that reaches the webhook's real owner. The disclosure helps an attacker map a deployment's webhook landscape, and the unsolicited ping lets one user push notifications to another.
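To make the missing check concrete, the following is an added, self-contained Python model of the flaw and its fix. It is not AutoGPT's code: the Webhook record, the in-memory WEBHOOKS store, the user names, and the handler names are all constructed for illustration. ping_webhook_vulnerable mirrors the described behaviour (lookup by primary key only), while ping_webhook_fixed folds ownership into the lookup so that a foreign id and a nonexistent id produce the same 404, removing both the existence oracle and the ability to ping another user's webhook. enumerate_webhooks shows what an attacker with ordinary credentials learns from each version.

```python
"""Hypothetical model of the AutoGPT webhook-ping IDOR (added example, not project code)."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Webhook:
    id: str
    user_id: str   # owner of the webhook
    provider: str  # OAuth provider the webhook is tied to, e.g. "github"


class NotFound(Exception):
    """Stands in for the route's HTTP 404 response."""


# Constructed sample data: two users, each owning one webhook.
WEBHOOKS: Dict[str, Webhook] = {
    "wh-1": Webhook("wh-1", "alice", "github"),
    "wh-2": Webhook("wh-2", "bob", "google"),
}

# Pings that actually reached a webhook owner, recorded as (owner, webhook_id).
DELIVERED: List[Tuple[str, str]] = []


def _deliver_ping(hook: Webhook) -> None:
    DELIVERED.append((hook.user_id, hook.id))


def ping_webhook_vulnerable(requesting_user: str, webhook_id: str) -> dict:
    """Vulnerable shape: record fetched by primary key only; the caller's
    identity is never compared with the record's owner."""
    hook = WEBHOOKS.get(webhook_id)
    if hook is None:
        raise NotFound()
    _deliver_ping(hook)
    return {"id": hook.id, "provider": hook.provider}


def get_owned_webhook(requesting_user: str, webhook_id: str) -> Webhook:
    """The fix: ownership is part of the lookup itself. A webhook belonging to
    someone else is indistinguishable from one that does not exist, so the
    route no longer confirms existence or leaks the provider type."""
    hook = WEBHOOKS.get(webhook_id)
    if hook is None or hook.user_id != requesting_user:
        raise NotFound()
    return hook


def ping_webhook_fixed(requesting_user: str, webhook_id: str) -> dict:
    hook = get_owned_webhook(requesting_user, webhook_id)
    _deliver_ping(hook)
    return {"id": hook.id, "provider": hook.provider}


def enumerate_webhooks(handler: Callable[[str, str], dict], attacker: str,
                       candidate_ids: Iterable[str]) -> Dict[str, str]:
    """What an attacker learns by walking candidate ids through `handler`:
    a map of confirmed webhook id -> OAuth provider type."""
    learned: Dict[str, str] = {}
    for wid in candidate_ids:
        try:
            learned[wid] = handler(attacker, wid)["provider"]
        except NotFound:
            pass
    return learned


def reset_deliveries() -> None:
    DELIVERED.clear()


if __name__ == "__main__":
    ids = ["wh-1", "wh-2", "wh-9"]  # wh-9 does not exist
    print("vulnerable:", enumerate_webhooks(ping_webhook_vulnerable, "mallory", ids))
    print("pings that reached other users:", DELIVERED)
    reset_deliveries()
    print("fixed:", enumerate_webhooks(ping_webhook_fixed, "mallory", ids))
    print("pings delivered:", DELIVERED)
```

In a real ORM-backed route the equivalent of get_owned_webhook is a query that filters on both the id and the authenticated user's id, rather than a fetch by id followed by a separate comparison; either way the important property is that the response for a foreign id matches the response for a missing id.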
Affected Systems
Significant-Gravitas is the vendor of the AutoGPT platform. All releases prior to the patch that added an ownership check to the POST /api/integrations/webhooks/{webhook_id}/ping route are affected. The advisory lists no specific version numbers, so every release before the fix should be treated as vulnerable.
Risk and Exploitability
A CVSS score of 5.4 places the issue in the medium severity range. No EPSS score is reported and the vulnerability is not listed in the CISA KEV catalog, so there is no evidence of exploitation in the wild at present. Exploitation requires valid user credentials but nothing more: because the route never checks ownership, any authenticated user can enumerate or misuse other users' webhooks with one request per guessed webhook_id, and no bypass of any control is needed. The impact is confined to information disclosure and unsolicited ping delivery rather than compromise of the system.
OpenCVE Enrichment