CVE-2026-30950 HIGH

CVE-2026-30950: AutoGPT has Authenticated Session Hijacking via IDOR

Vendor Significant-Gravitas
Product AutoGPT
Weakness CWE-862 · Missing authorization
Published May 18, 2026
Last update May 19, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

What the vulnerability does

01Description

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, they can take it over, reading any messages in it and locking the legitimate user out. The PATCH /sessions/{session_id}/assign-user endpoint authenticates the caller but never verifies session ownership: the service layer invokes the session lookup with user_id=None, which the data access layer interprets as a privileged/system call that bypasses the ownership filter, allowing any authenticated user to reassign an arbitrary session to themselves. This issue has been patched in version 0.6.51.

Key dates

02Disclosure timeline

May 18, 2026 CVE published
May 19, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-3056 Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing CVE-2026-25370 WordPress WP Compress plugin <= 6.60.28 - Broken Access Control vulnerability CVE-2025-39454 WordPress Name Directory plugin <= 1.30.0 - Broken Access Control vulnerability CVE-2025-62022 WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability CVE-2024-30484 WordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerability