CVE-2026-6584 | TransformerOptimus SuperAGI up to 0.0.14 User Update Endpoint user.py update_user user_id authorization

A vulnerability classified as problematic was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass.

This vulnerability was named CVE-2026-6584. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6584 | TransformerOptimus SuperAGI up to 0.0.14 User Update Endpoint user.py update_user user_id authorization

Post correlati

CVE-2024-10502 | ESAFENET CDG 5 FileDirectoryService.java getOneFileDirectory directoryId sql injection

CVE-2024-5369 | Kashipara College Management System 1.0 submit_admin.php admin_name cross site scripting

CVE-2024-27921 | grav up to 1.7.44 path traversal

CVE-2024-48896 | Moodle information exposure