AutoGPT DoS: Unauthenticated Attack Exhausts Disk Space
The National Vulnerability Database has disclosed CVE-2026-33232, a high-severity (CVSS 7.5) unauthenticated Denial of Service (DoS) vulnerability impacting AutoGPT versions 0.4.2 through 0.6.51. This flaw stems from uncontrolled disk space consumption through the download_agent_file endpoint.
According to the National Vulnerability Database, this endpoint creates persistent temporary files for every request but critically fails to delete them post-service. An unauthenticated attacker can repeatedly invoke this endpoint, rapidly exhausting the server’s disk space. This leads to “No space left on device” errors, causing critical system services like the database to fail and rendering the entire AutoGPT platform backend unavailable to all users.
This is a straightforward, high-impact attack. The fix is available in AutoGPT version 0.6.52. Defenders running affected versions need to prioritize this patch to avoid complete service disruption. The attacker’s calculus is simple: flood the endpoint, fill the disk, take the system offline. Minimal effort, maximum impact.
What This Means For You
- If your organization uses AutoGPT, immediately verify your version. If it's between 0.4.2 and 0.6.51, you are vulnerable to a complete unauthenticated denial of service. Patch to version 0.6.52 without delay. This isn't theoretical – an attacker can shut down your AI agent platform with minimal effort.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-33232: AutoGPT Uncontrolled Disk Space Consumption via download_agent_file
title: CVE-2026-33232: AutoGPT Uncontrolled Disk Space Consumption via download_agent_file
id: scw-2026-05-19-ai-1
status: experimental
level: high
description: |
Detects repeated requests to the '/download_agent_file' endpoint in AutoGPT, which is known to cause uncontrolled disk space consumption due to unmanaged temporary file creation. This can lead to a Denial of Service by exhausting disk space.
author: SCW Feed Engine (AI-generated)
date: 2026-05-19
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-33232/
tags:
- attack.impact
- attack.t1499.001
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/download_agent_file'
cs-method:
- 'GET'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-33232 | DoS | AutoGPT versions 0.4.2 through 0.6.51 |
| CVE-2026-33232 | DoS | AutoGPT vulnerable endpoint: download_agent_file |
| CVE-2026-33232 | DoS | CWE-404: Improper Resource Shutdown or Release |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 19, 2026 at 05:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-20240 — Denial of Service
CVE-2026-20240 — In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129,...
Splunk Enterprise, Cloud Vulnerability Exposes Session Cookies, Sensitive Data
CVE-2026-20239 — In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a...
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data...