Description
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server returns all information associated with the existing account. The vulnerable endpoint is located in the user registration functionality.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/13da8366-4670-4d46-9f5a-ba3f642b692e
Scores
CVSS v3
7.5
EPSS
0.0054
EPSS Percentile
40.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-359
Status
published
Products (1)
superagi/superagi
0.0.14
Published
Mar 20, 2025
Tracked Since
Feb 18, 2026