Vulnerabilities ›

CVE-2026-6583

Medium

CWE-285 — Weakness Type

                    Published: Apr 19, 2026                      ·  Modified: Apr 22, 2026                      ·  Source: NVD                

CVSS v3

5.4

🔗 NVD Official

📄 Description (English)

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-6583 is an authorization bypass vulnerability in TransformerOptimus SuperAGI up to version 0.0.14 affecting API key management endpoints. Remote attackers can manipulate the delete_api_key and edit_api_key functions to bypass authorization controls without authentication.

📄 Description (Arabic)

تؤثر هذه الثغرة على مكون إدارة مفاتيح API في TransformerOptimus SuperAGI حيث يمكن للمهاجمين البعيدين تجاوز فحوصات التفويض. يسمح الاستغلال بحذف أو تعديل مفاتيح API دون الحصول على الأذونات المناسبة، مما قد يؤدي إلى وصول غير مصرح به إلى الأنظمة والخدمات.

🤖 ملخص تنفيذي (AI)

A vulnerability in TransformerOptimus SuperAGI versions up to 0.0.14 allows remote attackers to bypass authorization in API key management endpoints. The vulnerability affects the delete_api_key and edit_api_key functions, potentially allowing unauthorized access to sensitive API operations.

🤖 AI Intelligence Analysis Analyzed: May 26, 2026 08:00

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government banking telecom

🎯 MITRE ATT&CK Techniques

T1110 T1078 T1556

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade TransformerOptimus SuperAGI to a version newer than 0.0.14 immediately. Implement strict input validation and authorization checks on all API key management endpoints. Review and audit all API key operations for unauthorized access. Implement role-based access control (RBAC) and principle of least privilege for API key operations. Monitor API key management logs for suspicious activities.

🔧 خطوات المعالجة (العربية)

قم بترقية TransformerOptimus SuperAGI إلى إصدار أحدث من 0.0.14 فوراً. طبق التحقق الصارم من المدخلات والتحقق من التفويض على جميع نقاط نهاية إدارة مفاتيح API. راجع وتدقيق جميع عمليات مفاتيح API للوصول غير المصرح به. طبق التحكم في الوصول القائم على الأدوار (RBAC) ومبدأ أقل امتياز لعمليات مفاتيح API. راقب سجلات إدارة مفاتيح API للأنشطة المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 AC-6

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.2.5

🔗 References & Sources 4

🔗

https://gist.github.com/YLChen-007/ba28ac92d9fd011d40560dbf2bac39ce

cna@vuldb.com

🔗

https://vuldb.com/submit/791074

cna@vuldb.com

🔗

https://vuldb.com/vuln/358218

cna@vuldb.com

🔗

https://vuldb.com/vuln/358218/cti

cna@vuldb.com

📊 CVSS Score

5.4

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.4

CWECWE-285

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-04-19

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-285

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-6583

💬 Comments

Introduce Yourself

Sign In Required