CVE-2026-22038
HIGH 8.1
Description
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using logger.info() statements. This occurs in three separate block implementations (StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock) where the code explicitly calls api_key.get_secret_value() and logs the result. This issue has been patched in autogpt-platform-beta-v0.6.46.
CVE details
CVSS v3.1 score: 8.1
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 2/4/2026
Last modified: 2/17/2026
Source: nvd
Honeypot sightings: 0
Affected products
agpt:autogpt_platform
Weaknesses (CWE)
CWE-532
References
https://github.com/Significant-Gravitas/AutoGPT/commit/1eabc604842fa876c09d69af43d2d1e8fb9b8eb9 (security-advisories@github.com)
https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-rc89-6g7g-v5v7 (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.