CVE-2024-9439

high

Description

SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise.

References

https://huntr.com/bounties/d710884f-b5ab-4b31-a2e6-e4b38488def1

Details

Source: Mitre, NVD

Published: 2025-03-20

Updated: 2025-07-14

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H