CVE-2026-6586 | TransformerOptimus SuperAGI up to 0.0.14 Budget Endpoint budget.py get_budget/update_budget authorization

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass.

This vulnerability is referenced as CVE-2026-6586. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More