Cyber Posture

CVE-2026-22038

High · Public PoC

Published: 04 February 2026
Modified: 17 February 2026
KEV Added
Patch
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0011 (29.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-22038 is a high-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Agpt Autogpt Platform. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Log Enumeration (T1654). The CVE is ranked at the 29.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related — categorised as APIs and Models.

The strongest mitigations our analysis identified are NIST 800-53 AU-13 (Monitoring for Information Disclosure) and AU-9 (Protection of Audit Information).

Threat & Defense at a Glance

What attackers do: exploitation maps to Log Enumeration (T1654) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly checks log outputs for sensitive information like API keys and authentication secrets and removes them to prevent disclosure.

prevent

Protects audit logs containing plaintext API keys and secrets from unauthorized access by low-privilege users.

prevent, recover

Remediates the software flaw in Stagehand blocks that logs API keys in plaintext, enabling upgrade to the patched version and review of existing logs.

MITRE ATT&CK Enterprise Techniques [AI]

T1654 Log Enumeration (Discovery)
Adversaries may enumerate system and service logs to find useful data.

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

The vulnerability writes plaintext API keys and secrets to log files, enabling log enumeration (T1654) and collection of unsecured credentials from files (T1552.001, T1081).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using logger.info() statements. This occurs in three separate block implementations (StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock) where the code explicitly calls api_key.get_secret_value() and logs the result. This issue has been patched in autogpt-platform-beta-v0.6.46.

Deeper analysis [AI]

CVE-2026-22038 is a vulnerability in the AutoGPT platform, which enables users to create, deploy, and manage continuous AI agents for automating complex workflows. In versions prior to autogpt-platform-beta-v0.6.46, the Stagehand integration's block implementations—specifically StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock—log API keys and authentication secrets in plaintext. This occurs through explicit calls to api_key.get_secret_value() followed by logger.info() statements, violating CWE-532 (Insertion of Sensitive Information into Log File). The issue carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), highlighting high confidentiality and availability impacts.

An attacker with low privileges, such as a legitimate user or service account with network access to the AutoGPT platform, can exploit this vulnerability with low complexity and no user interaction required. By accessing the logs generated by the affected Stagehand blocks, the attacker can extract plaintext API keys and authentication secrets, enabling unauthorized access to integrated services, potential lateral movement, or further compromise depending on the secrets' scope. The high confidentiality impact stems directly from secret exposure, while the availability impact likely arises from disruptions possible after credential misuse.

The vulnerability has been patched in autogpt-platform-beta-v0.6.46, as detailed in the GitHub security advisory (GHSA-rc89-6g7g-v5v7) and the fixing commit (1eabc604842fa876c09d69af43d2d1e8fb9b8eb9). Security practitioners should upgrade to the patched version and review existing logs for exposed secrets, implementing log monitoring, rotation, and redaction controls to mitigate risks in AI agent platforms like AutoGPT.
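
An added example (not AutoGPT's code and not taken from the advisory) of the redaction and log-review controls described above. The first call reproduces the pattern the advisory names, passing the unwrapped key to logger.info(); the second shows a handler-level filter scrubbing it, and find_exposed() reports which secrets appear in existing log lines so they can be rotated. The logger name, secret name and key value are constructed for illustration, and the filter is defence in depth, not the upstream patch.

```python
import io
import logging


class RedactSecrets(logging.Filter):
    """Replace registered secret values in every record before it is emitted."""

    def __init__(self, secrets):
        super().__init__()
        # Ignore empty strings: replacing "" would corrupt every message.
        self._secrets = [s for s in secrets if s]

    def filter(self, record):
        msg = record.getMessage()          # merge msg % args first
        for s in self._secrets:
            msg = msg.replace(s, "[REDACTED]")
        record.msg, record.args = msg, None
        return True                        # keep the record, now scrubbed


def find_exposed(log_lines, secrets):
    """Return {secret_name: [line numbers]} for secrets found in existing logs."""
    hits = {}
    for n, line in enumerate(log_lines, 1):
        for name, value in secrets.items():
            if value and value in line:
                hits.setdefault(name, []).append(n)
    return hits


def demo():
    api_key = "sk-CONSTRUCTED-0000"        # constructed sample value, not a real key
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    log = logging.getLogger("stagehand_demo")   # hypothetical logger name
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(handler)

    # Pattern the advisory describes: the unwrapped secret goes to logger.info().
    log.info("api_key: %s", api_key)
    before = buf.getvalue().splitlines()

    # Same call with the filter on the handler: the value never reaches the sink.
    handler.addFilter(RedactSecrets([api_key]))
    log.info("api_key: %s", api_key)
    after = buf.getvalue().splitlines()[len(before):]
    log.removeHandler(handler)
    return before, after, find_exposed(before + after, {"stagehand_api_key": api_key})
```

Attach the filter to handlers rather than loggers so records propagated from child loggers are covered. It rewrites only the message text, so secrets that appear in tracebacks attached via exc_info need separate handling.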

This issue is particularly relevant in AI/ML contexts, as AutoGPT handles autonomous agents that often integrate sensitive third-party APIs for tasks like observation, action, and extraction in workflows. No public evidence of real-world exploitation is available as of the CVE publication on 2026-02-04.

Details

CWE(s)

Affected Products

agpt: autogpt platform ≤ 0.6.46

AI Security Analysis [AI]

AI Category: APIs and Models
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: artificial intelligence

CVEs Like This One

CVE-2026-26020 (Same product: Agpt Autogpt Platform)
CVE-2025-62615 (Same product: Agpt Autogpt Platform)
CVE-2026-24780 (Same product: Agpt Autogpt Platform)
CVE-2025-62616 (Same product: Agpt Autogpt Platform)
CVE-2025-22603 (Same product: Agpt Autogpt Platform)
CVE-2025-1040 (Same product: Agpt Autogpt Platform)
CVE-2025-0454 (Same product: Agpt Autogpt Platform)
CVE-2026-23775 (Shared CWE-532)
CVE-2026-27900 (Shared CWE-532)
CVE-2024-7577 (Shared CWE-532)
