CVE-2026-6584: SuperAGI Authentication Bypass Vulnerability

CVE-2026-6584 Overview

CVE-2026-6584 is an authorization bypass vulnerability in TransformerOptimus SuperAGI versions up to 0.0.14. The flaw resides in the update_user function within superagi/controllers/user.py, part of the User Update Endpoint. Attackers can manipulate the user_id parameter to modify arbitrary user accounts without proper authorization checks [CWE-285]. The vulnerability is remotely exploitable over the network and requires low privileges. A public proof-of-concept exists, and the vendor did not respond to coordinated disclosure attempts.

Critical Impact

Authenticated remote attackers can bypass authorization controls in the SuperAGI User Update Endpoint by manipulating the user_id argument, enabling unauthorized modification of other users' account data.

Affected Products

• TransformerOptimus SuperAGI versions up to and including 0.0.14
• Component: superagi/controllers/user.py (update_user function)
• Component: User Update Endpoint

Discovery Timeline

• 2026-04-20 - CVE-2026-6584 published to NVD
• 2026-04-29 - Last updated in NVD database

Technical Details for CVE-2026-6584

Vulnerability Analysis

The vulnerability is classified as Improper Authorization [CWE-285]. SuperAGI is an autonomous AI agent framework that exposes a REST API for managing users and agents. The update_user endpoint in superagi/controllers/user.py accepts a user_id argument from client requests and uses it to identify the target account for update operations.

The endpoint does not verify that the authenticated caller owns the supplied user_id or holds the privilege to modify that account. Any authenticated user can submit a request referencing another user's identifier and update fields on that record. This pattern is commonly described as an Insecure Direct Object Reference combined with missing authorization enforcement.

A public proof-of-concept is hosted on GitHub Gist, demonstrating the request structure required to trigger the bypass. The exploit requires only network reachability to the SuperAGI API and a valid authentication token, which is the default state for any registered user of the application.

Root Cause

The root cause is missing authorization logic in the update_user controller. The function trusts the user_id provided in the request body or path parameter without comparing it to the session identity or checking role-based permissions. Server-side enforcement of object-level ownership is absent.

Attack Vector

The attack vector is network-based and requires low privileges. An attacker authenticates to a SuperAGI deployment using any valid account, then issues a crafted request to the user update endpoint with the user_id of a target account. The server applies the update without verifying ownership, allowing modification of arbitrary user records. See the GitHub Gist PoC for request details.

// No verified exploitation code provided.
// Refer to the public proof-of-concept linked in the references for request structure.

Detection Methods for CVE-2026-6584

Indicators of Compromise

• HTTP requests to the SuperAGI user update endpoint where the user_id parameter does not match the authenticated session identity.
• Unexpected modifications to user records, including email, role, or profile fields, originating from non-administrative accounts.
• Authentication anomalies following user record changes, such as logins from new locations on previously stable accounts.

Detection Strategies

• Enable verbose logging on the SuperAGI API and correlate update_user calls with the authenticated principal versus the targeted user_id.
• Deploy a reverse proxy or API gateway in front of SuperAGI to inspect and alert on user-update traffic referencing identifiers other than the caller's own.
• Review database audit trails for users table writes that lack a corresponding administrative action.

Monitoring Recommendations

• Alert when a single authenticated session modifies more than one distinct user_id within a short window.
• Monitor SuperAGI application logs for repeated 200-OK responses on user update calls from non-admin tokens.
• Track outbound webhook or notification traffic that follows user record modifications to identify lateral activity.

How to Mitigate CVE-2026-6584

Immediate Actions Required

• Restrict network access to SuperAGI deployments so the API is reachable only from trusted internal networks or VPNs.
• Disable or limit self-service user registration to reduce the pool of accounts capable of authenticating and triggering the bypass.
• Audit existing user accounts for unauthorized changes to email, role, or password reset fields.

Patch Information

No vendor patch is available at the time of publication. The disclosure record indicates the vendor was contacted but did not respond. Track the VulDB Vulnerability #358219 entry and the TransformerOptimus SuperAGI repository for an official fix.

Workarounds

• Place SuperAGI behind an authenticating reverse proxy that enforces object-level access control on requests to the update_user endpoint.
• Apply a local patch to superagi/controllers/user.py that verifies the authenticated user's identity matches the supplied user_id before processing the update, or restricts the operation to administrative roles.
• Remove or disable the user update endpoint entirely if it is not required for operational workflows.

# Example reverse proxy rule (nginx) to block cross-user update attempts
# Requires session-aware logic; pseudo-configuration shown for reference
location /api/user/update {
    # Enforce authentication and reject requests where body user_id
    # does not match the session principal at the application layer.
    auth_request /auth/validate;
    proxy_pass http://superagi_backend;
}