Submission #791071: TransformerOptimus (or SuperAGI) SuperAGI Version: <= c3c1982 Code Injection

Information

Title: TransformerOptimus (or SuperAGI) SuperAGI Version: <= c3c1982 Code Injection
Description

# Technical Details

A Code Injection vulnerability exists in the `edit_agent_template` method in `superagi/controllers/agent_template.py` of SuperAGI. The application fails to sanitize user input for the template configuration fields before passing them to Python's `eval()` function during retrieval.

# Vulnerable Code

File: superagi/controllers/agent_template.py
Method: edit_agent_template

Why: The endpoint accepts a raw `dict` parameter without Pydantic validation, allowing an attacker to inject arbitrary Python code as strings into configuration fields (e.g., `goal`, `instruction`, `constraints`). These injected strings pass through unmodified and are stored verbatim in the `agent_template_configs` table. When subsequently fetched, they are executed by `eval()` in `eval_agent_config()`.

# Reproduction

1. Authenticate to the SuperAGI instance to obtain a valid JWT token.
2. Create a normal agent via `/api/agents/create` and save it as an agent template via `/api/agent_templates/save_agent_as_template/...`.
3. Call the `update_agent_template` endpoint, injecting malicious Python code strings into the `goal` field (e.g., `"[__import__(\"os\").system(\"id > /tmp/prod_mode_rce\")]"`).
4. Trigger the payload by calling the `/api/agent_templates/agent_config` endpoint to fetch the configuration, forcing `eval()` to execute the injected code.

# Impact

- Remote Code Execution (RCE) with server root privileges.
- Data breach (access to all stored API keys, database credentials, user data).
- Service disruption (ability to shut down or corrupt the SuperAGI instance).
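The mitigation a defender would want on the retrieval path described above, as an added example that is not SuperAGI's own code: replace `eval()` with `ast.literal_eval()` and check the shape of each stored field, so a value containing a call or name is rejected instead of executed. The field names come from the advisory; the allowed shapes (lists of strings for `goal`, `instruction`, `constraints`, verbatim strings elsewhere) and the sample rows are assumptions made for this example.

```python
import ast
from typing import Any, Dict

# Fields the advisory names as stored in agent_template_configs and later
# evaluated. Assumption for this example: they must parse to lists of strings.
LIST_FIELDS = {"goal", "instruction", "constraints"}


class UnsafeConfigValue(ValueError):
    """A stored config value is not a plain literal of the expected shape."""


def parse_config_value(key: str, raw: str) -> Any:
    """Safe replacement for eval() on one stored field.

    ast.literal_eval accepts only Python literals (strings, numbers, lists,
    dicts, ...). A value such as '[__import__("os").getcwd()]' contains a
    Call node, so it raises ValueError here rather than running anything.
    """
    if key not in LIST_FIELDS:
        return raw  # assumption: scalar fields are used verbatim, never evaluated
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError, MemoryError) as exc:
        raise UnsafeConfigValue(f"{key}: not a literal: {raw!r}") from exc
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise UnsafeConfigValue(f"{key}: expected a list of strings")
    return value


def eval_agent_config_safe(configs: Dict[str, str]) -> Dict[str, Any]:
    """Parse every stored field; one bad value rejects the whole template."""
    return {key: parse_config_value(key, raw) for key, raw in configs.items()}


def is_safe_template(configs: Dict[str, str]) -> bool:
    """True when every field parses under the rules above (useful as a write-time check too)."""
    try:
        eval_agent_config_safe(configs)
        return True
    except UnsafeConfigValue:
        return False


# Constructed sample rows standing in for agent_template_configs entries.
GOOD_ROWS = {"goal": '["Summarise the daily log"]', "instruction": '["Be concise"]',
             "agent_type": "Fixed Task Queue"}
BAD_ROWS = {"goal": '[__import__("os").getcwd()]'}  # harmless call, still rejected

if __name__ == "__main__":
    print(eval_agent_config_safe(GOOD_ROWS))
    print("bad row accepted:", is_safe_template(BAD_ROWS))
```

Applying the same check in the update handler before the row is written closes the storage side as well as the retrieval side.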
Source: https://gist.github.com/YLChen-007/a73105550fdcb5e6c0f061a05ba04bd9
User: Eric-z (UID 95890)
Submitted: 27/03/2026 12:27 PM (25 days ago)
Moderation: 19/04/2026 07:40 AM (23 days later)
Status: Duplicate
VulDB Entry: 300336 [transformeroptimus superagi eval privilege escalation]
Points: 0
