CVE-2026-6583 | TransformerOptimus SuperAGI up to 0.0.14 API Key Management Endpoint api_key.py delete_api_key/edit_api_key authorization

A vulnerability classified as problematic has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass.

This vulnerability is uniquely identified as CVE-2026-6583. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6583 | TransformerOptimus SuperAGI up to 0.0.14 API Key Management Endpoint api_key.py delete_api_key/edit_api_key authorization

Post correlati

CVE-2026-2239 | GIMP PSD File Parser denial of service

CVE-2025-60786 | iceScrum Pro On-Prem 7.54 Project unrestricted upload

CVE-2025-65405 | Live555 Streaming Media 2018.09.02 AAC File Parser samplingFrequency use after free

CVE-2025-27598 | SixLabors ImageSharp up to 2.1.9/3.1.6 GIF Decoder out-of-bounds write (ID 2859)