Description

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using logger.info() statements. This occurs in three separate block implementations (StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock) where the code explicitly calls api_key.get_secret_value() and logs the result. This issue has been patched in autogpt-platform-beta-v0.6.46.

INFO

Published Date :

2026-02-04T22:28:20.401Z

Last Modified :

2026-02-05T15:04:13.893Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22038 vulnerability.

Vendors Products
Agpt
  • Autogpt Platform
Significant-gravitas
  • Autogpt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22038.

URL Resource
https://github.com/Significant-Gravitas/AutoGPT/commit/1eabc604842fa876c09d69af43d2d1e8fb9b8eb9 cve-icon cve-icon
https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-rc89-6g7g-v5v7 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact