Enviar #791071: TransformerOptimus (or SuperAGI) SuperAGI Version: <= c3c1982 Code Injectioninformación

TítuloTransformerOptimus (or SuperAGI) SuperAGI Version: <= c3c1982 Code Injection
Descripción# Technical Details A Code Injection vulnerability exists in the `edit_agent_template` method in `superagi/controllers/agent_template.py` of SuperAGI. The application fails to sanitize user input for the template configuration fields before passing them to Python's `eval()` function during retrieval. # Vulnerable Code File: superagi/controllers/agent_template.py Method: edit_agent_template Why: The endpoint accepts a raw `dict` parameter without Pydantic validation, allowing an attacker to inject arbitrary Python code as strings into configuration fields (e.g., `goal`, `instruction`, `constraints`). These injected strings pass through unmodified and are stored verbatim in the `agent_template_configs` table. When subsequently fetched, they are executed by `eval()` in `eval_agent_config()`. # Reproduction 1. Authenticate to the SuperAGI instance to obtain a valid JWT token. 2. Create a normal agent via `/api/agents/create` and save it as an agent template via `/api/agent_templates/save_agent_as_template/...`. 3. Call the `update_agent_template` endpoint, injecting malicious Python code strings into the `goal` field (e.g., `"[__import__(\"os\").system(\"id > /tmp/prod_mode_rce\")]"`). 4. Trigger the payload by calling the `/api/agent_templates/agent_config` endpoint to fetch the configuration, forcing `eval()` to execute the injected code. # Impact - Remote Code Execution (RCE) with server root privileges. - Data breach (Access to all stored API keys, database credentials, user data). - Service disruption (Ability to shut down or corrupt the SuperAGI instance).
Fuente⚠️ https://gist.github.com/YLChen-007/a73105550fdcb5e6c0f061a05ba04bd9
Usuario
 Eric-z (UID 95890)
Sumisión2026-03-27 12:27 (hace 26 días)
Moderación2026-04-19 07:40 (23 days later)
EstadoDuplicado
Entrada de VulDB300336 [transformeroptimus superagi eval escalada de privilegios]
Puntos0

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!