CVE-2026-33233 HIGH

CVE-2026-33233: AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries

Vendor Significant-Gravitas

Product AutoGPT

Weakness CWE-502 · Unsafe deserialization

Published May 19, 2026

Last update May 19, 2026

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Adjacent

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with pickle.dumps(...) into Redis and the read path blindly invokes pickle.loads(...) on bytes with no HMAC/signature or strict schema validation gating deserialization. If an attacker can poison a shared-cache key in Redis, arbitrary command execution is possible in the backend container context, affecting confidentiality, integrity, and availability. This issue has been fixed in version 0.6.52.

Key dates

02Disclosure timeline

May 19, 2026 CVE published

May 19, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-33233

Related vulnerabilities

CVE-2026-33233: AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries

01Description

02Disclosure timeline

03References

04Related CVE