CVE-2026-6614 — TransformerOptimus SuperAGI Vulnerability

/MEDIUM /CVSS 6.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitycwe-285cwe-639
CVE-2026-6614 — TransformerOptimus SuperAGI Vulnerability

CVE-2026-6614 — A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The atta

What This Means For You

  • If your environment is affected by CWE-285, CWE-639, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-6614 updates and patches.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1078.004 Cloud Accounts Persistence T1200 Hardware Additions Privilege Escalation

🛡️ Detection Rules

1 rule · 6 SIEM formats

1 detection rule mapped to MITRE ATT&CK. Sigma YAML is free — copy below.

high T1190 Initial Access

CVE-2026-6614 - SuperAGI Project Authorization Bypass

Sigma YAML — free preview

Indicators of Compromise

IDTypeIndicator
CVE-2026-6614 vulnerability CVE-2026-6614
CWE-285 weakness CWE-285
CWE-639 weakness CWE-639

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 20, 2026 at 10:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related Posts

Oracle's April CPU: 450 Patches, Over 300 Remote, Unauthenticated Flaws

Oracle has dropped its April Critical Patch Update (CPU), delivering a significant batch of 481 security fixes across 28 product families. Of particular concern are...

threat-intelvulnerabilitycloudtools
/SCW Vulnerability Desk /MEDIUM /⚑ 2 IOCs /⚙ 3 Sigma

Telerik UI for AJAX RadFilter Vulnerable to RCE via Deserialization

CVE-2026-6023 — In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if...

vulnerabilityCVEhigh-severityremote-code-executioncwe-502
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 1 IOC /⚙ 3 Sigma

Telerik UI Vulnerability Allows Disk Space Exhaustion Attacks

CVE-2026-6022 — In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the...

vulnerabilityCVEhigh-severitycwe-400
/SCW Vulnerability Desk /HIGH /7.5 /⚑ 1 IOC /⚙ 2 Sigma