CVE-2026-6616 | TransformerOptimus SuperAGI up to 0.0.14 WebScraperTool webpage_extractor.py server-side request forgery

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14 and classified as critical. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpage_extractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery.

This vulnerability is referenced as CVE-2026-6616. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More