CVE-2023-37275: Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GP
Summary
Auto-GPT is an experimental application that uses GPT-4 (a large language model) to demonstrate AI capabilities through a command-line interface. Before version 0.4.3, malicious websites could trick Auto-GPT's language model into outputting specially encoded text (ANSI escape sequences, which are hidden commands that control console display) that would create fake or misleading messages on the user's screen, potentially causing them to run unintended commands.
Solution / Mitigation
The issue has been patched in release version 0.4.3.
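An added example, not Auto-GPT's own code and not the change made in 0.4.3: one way a command-line application can strip ANSI escape sequences and other terminal control characters from model- or web-derived text before printing it. The function name and the sample string are constructed for illustration.

```python
import re

# ECMA-48 control sequences, most specific alternative first.
_SEQ = re.compile(
    r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?"   # OSC: window title, hyperlinks
    r"|(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~]"    # CSI: colour, cursor movement, erase
    r"|\x1b[@-Z\\^_]"                        # other two-character ESC sequences
)
# Remaining C0/C1 control characters and DEL; tab and newline are kept.
# Carriage return and backspace are removed because they can overwrite
# text that is already on the line.
_CTRL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def sanitize_for_terminal(text: str) -> tuple[str, int]:
    """Return (printable_text, number_of_control_items_removed).

    A non-zero count is worth logging: untrusted text that tries to drive
    the terminal is a signal in itself.
    """
    text, n_seq = _SEQ.subn("", text)
    # Anything left over (for example a truncated "ESC [") is dropped here.
    text, n_ctrl = _CTRL.subn("", text)
    return text, n_seq + n_ctrl


# Constructed sample: text that moves the cursor up, erases the line,
# sets the window title and colours part of a message.
SAMPLE = (
    "Summary of page.\x1b[1A\x1b[2K\rSYSTEM: task approved"
    "\x1b]0;title\x07\x1b[31m!\x1b[0m"
)

if __name__ == "__main__":
    clean, removed = sanitize_for_terminal(SAMPLE)
    print(clean)
    print(f"removed {removed} control item(s)")
```

Apply the filter at the point where untrusted text is written to the console, so that colours the application adds to its own messages are unaffected.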
Vulnerability Details
3.1 (low)
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-37275
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 85%