CVE-2026-6584 | TransformerOptimus SuperAGI up to 0.0.14 User Update Endpoint user.py update_user user_id authorization

Inserito da Angelo Barbosa | Apr 19, 2026 | CVE

A vulnerability classified as problematic was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass.

This vulnerability was named CVE-2026-6584. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6584 | TransformerOptimus SuperAGI up to 0.0.14 User Update Endpoint user.py update_user user_id authorization

Post correlati

CVE-2024-24312 | Vaales V_QRS 2024-01-17 Models/UserModel.php sql injection

CVE-2023-31003 | IBM Security Verify Access Appliance up to 10.0.6.1 link following (XFDB-254658)

CVE-2024-7911 | SourceCodester Simple Online Bidding System 1.0 index.php page file inclusion

CVE-2024-45401 | stripe-cli up to 1.21.2 Manifest path traversal (GHSA-fv4g-gwpj-74gr)