Vulnerabilities ›

CVE-2026-6612

Medium

CWE-285 — Weakness Type

                    Published: Apr 20, 2026                      ·  Modified: Apr 23, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agent_execution_id can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-6612 is an authorization bypass vulnerability in TransformerOptimus SuperAGI up to version 0.0.14 affecting the Agent Execution Endpoint. Remote attackers can manipulate the agent_execution_id parameter to bypass authorization controls and gain unauthorized access to agent execution functions.

📄 Description (Arabic)

تؤثر هذه الثغرة على نقطة نهاية تنفيذ الوكيل في SuperAGI حيث يمكن للمهاجمين البعيدين تجاوز فحوصات التفويض بمعالجة معامل agent_execution_id. تم الكشف عن الاستغلال علناً والبائع لم يستجب لإشعارات الكشف المبكر.

🤖 ملخص تنفيذي (AI)

This vulnerability allows remote attackers to bypass authorization mechanisms in SuperAGI by manipulating the agent_execution_id parameter in the Agent Execution Endpoint. The flaw enables unauthorized access to critical agent execution functions without proper authentication checks.

🤖 AI Intelligence Analysis Analyzed: May 17, 2026 20:04

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government telecom energy

🎯 MITRE ATT&CK Techniques

T1078.001 T1190 T1548

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update TransformerOptimus SuperAGI to version 0.0.15 or later immediately. Implement input validation and authorization checks for all agent_execution_id parameters. Deploy Web Application Firewall (WAF) rules to detect and block suspicious agent_execution_id manipulation attempts. Conduct security audit of all Agent Execution Endpoint implementations.

🔧 خطوات المعالجة (العربية)

قم بتحديث TransformerOptimus SuperAGI إلى الإصدار 0.0.15 أو أحدث فوراً. طبق التحقق من صحة المدخلات والتحقق من التفويض لجميع معاملات agent_execution_id. نشر قواعد جدار الحماية لتطبيقات الويب لكشف ومنع محاولات معالجة معرف التنفيذ المريبة. إجراء تدقيق أمني لجميع تطبيقات نقطة نهاية تنفيذ الوكيل.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 AC-6

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.4.3

🔗 References & Sources 4

🔗

https://gist.github.com/YLChen-007/d033e9d4d23e0832b9ede71dc545ac9a

cna@vuldb.com

🔗

https://vuldb.com/submit/791078

cna@vuldb.com

🔗

https://vuldb.com/vuln/358247

cna@vuldb.com

🔗

https://vuldb.com/vuln/358247/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-285

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-04-20

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-285

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-6612

Introduce Yourself

Sign In Required