| 제목 | TransformerOptimus (or SuperAGI) SuperAGI Version: <= c3c1982 Code Injection |
|---|
| 설명 | # Technical Details
A Code Injection vulnerability exists in the `edit_agent_template` method in `superagi/controllers/agent_template.py` of SuperAGI.
The application fails to sanitize user input for the template configuration fields before passing them to Python's `eval()` function during retrieval.
# Vulnerable Code
File: superagi/controllers/agent_template.py
Method: edit_agent_template
Why: The endpoint accepts a raw `dict` parameter without Pydantic validation, allowing an attacker to inject arbitrary Python code as strings into configuration fields (e.g., `goal`, `instruction`, `constraints`). These injected strings pass through unmodified and are stored verbatim in the `agent_template_configs` table. When subsequently fetched, they are executed by `eval()` in `eval_agent_config()`.
# Reproduction
1. Authenticate to the SuperAGI instance to obtain a valid JWT token.
2. Create a normal agent via `/api/agents/create` and save it as an agent template via `/api/agent_templates/save_agent_as_template/...`.
3. Call the `update_agent_template` endpoint, injecting malicious Python code strings into the `goal` field (e.g., `"[__import__(\"os\").system(\"id > /tmp/prod_mode_rce\")]"`).
4. Trigger the payload by calling the `/api/agent_templates/agent_config` endpoint to fetch the configuration, forcing `eval()` to execute the injected code.
# Impact
- Remote Code Execution (RCE) with server root privileges.
- Data breach (Access to all stored API keys, database credentials, user data).
- Service disruption (Ability to shut down or corrupt the SuperAGI instance).
|
|---|
| 원천 | ⚠️ https://gist.github.com/YLChen-007/a73105550fdcb5e6c0f061a05ba04bd9 |
|---|
| 사용자 | Eric-z (UID 95890) |
|---|
| 제출 | 2026. 03. 27. PM 12:27 (27 날 ago) |
|---|
| 모더레이션 | 2026. 04. 19. AM 07:40 (23 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 300336 [transformeroptimus superagi eval 권한 상승] |
|---|
| 포인트들 | 0 |
|---|