CVE-2024-1881
Published: 06 June 2024
Summary
CVE-2024-1881 is a critical-severity OS Command Injection (CWE-78) vulnerability in Agpt Autogpt Classic. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 25.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), Exfiltration via AI Inference API (AML.T0024), External Harms (AML.T0048).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-17606
Vulnerability details
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up…
more
to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands.
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- AutoGPT is an open-source autonomous AI agent framework (significant-gravitas/autogpt) that enables LLM-based agents to interact with external tools and execute actions like shell commands, fitting the 'AI Agent Protocols and Integrations' category. The vulnerability is in its command validation for agent-executed OS commands.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The OS command injection vulnerability allows arbitrary shell command execution by bypassing validation, enabling T1059 (Command and Scripting Interpreter) and T1203 (Exploitation for Client Execution) in AutoGPT.
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.