Authentication bypass in AutoGPT by Thesamur
Posted date 19/02/2026
Identifier
INCIBE-2026-126
Importance
3 - Medium
Affected Resources
AutoGPT
Description
INCIBE has coordinated the publication of a medium-severity vulnerability affecting Thesamur's AutoGPT, an AI tool. The vulnerability was discovered by Gonzalo Aguilar García (6h4ack).
This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type:
- CVE-2025-41023: CVSS v4.0: 6.9 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N | CWE-287
Solution
No solution has been reported at this time.
Detail
CVE-2025-41023: An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used.
CVE
| CVE Identifier | Severity | Exploitation | Vendor |
|---|---|---|---|
| CVE-2025-41023 | Medium | No | Thesamur |



