CVE-2024-6091
Published: 11 September 2024
Summary
CVE-2024-6091 is a critical-severity OS Command Injection (CWE-78) vulnerability in Agpt Autogpt Classic. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command Obfuscation (T1027.010). The CVE ranks at the 38.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the LLM/Generative AI Risks risk domain, with the MITRE ATLAS technique LLM Prompt Injection (AML.T0051) in scope.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-2796
Vulnerability details
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing commands with a modified path, such as '/bin/./whoami', which is not recognized by the denylist.
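The denylist gap described above, as an added Python example that is not AutoGPT's own code: a literal string comparison next to a check that normalises the executable path before comparing. The function names and the `DENYLIST` constant are hypothetical; the denylist entries and the sample command come from the advisory text.

```python
import os
import shlex

# Denylist entries quoted in the advisory text.
DENYLIST = ["whoami", "/bin/whoami"]


def naive_is_allowed(command_line, denylist=DENYLIST):
    """Literal comparison of the first token (the weakness described above)."""
    tokens = shlex.split(command_line)
    return bool(tokens) and tokens[0] not in denylist


def hardened_is_allowed(command_line, denylist=DENYLIST):
    """Normalise the executable path, then compare path and base name."""
    tokens = shlex.split(command_line)
    if not tokens:
        return False
    # normpath collapses '.' segments and repeated separators, so
    # '/bin/./whoami' and '/bin/whoami' compare equal. Assumption: symlinks
    # are not resolved here; os.path.realpath would add that step.
    executable = os.path.normpath(tokens[0])
    denied_paths = {os.path.normpath(d) for d in denylist if os.sep in d}
    denied_names = {os.path.basename(os.path.normpath(d)) for d in denylist}
    if executable in denied_paths:
        return False
    return os.path.basename(executable) not in denied_names


def compare(samples):
    """Return {command: (naive verdict, hardened verdict)} for each sample."""
    return {s: (naive_is_allowed(s), hardened_is_allowed(s)) for s in samples}


if __name__ == "__main__":
    # Constructed sample input: the advisory's commands plus one benign command.
    for cmd, verdicts in compare(
        ["whoami", "/bin/whoami", "/bin/./whoami", "ls -la"]
    ).items():
        print(f"{cmd!r:18} naive={verdicts[0]} hardened={verdicts[1]}")
```

The hardened check covers the path-normalisation case from this advisory only; an allowlist of permitted executables is the stronger control where the deployment can support one.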
- CWE(s)
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: AutoGPT (significant-gravitas/autogpt) is an open-source autonomous AI agent framework that leverages LLMs like GPT to perform tasks, including executing shell commands. The vulnerability specifically impacts the agent's command execution security mechanism, fitting AI agent protocols and integrations.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables bypassing AutoGPT's shell command denylist via path obfuscation (e.g., '/bin/./whoami'), facilitating command obfuscation (T1027.010), Unix shell execution (T1059.004), and exploitation for defense evasion (T1211).
MITRE ATLAS Techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.