{"id":47969,"date":"2026-04-20T03:33:05","date_gmt":"2026-04-20T03:33:05","guid":{"rendered":"http:\/\/localhost\/?p=47969"},"modified":"2026-04-20T03:33:05","modified_gmt":"2026-04-20T03:33:05","slug":"transformeroptimus-superagi-webscrapertool-webpageextractorpy-extractwithlxml-server-side-request-fo","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=47969","title":{"rendered":"TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616"},"content":{"rendered":"

{“lastseen”:””,”description”:”A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4\/extract_with_3k\/extract_with_lxml of the file superagi\/helper\/webpage_extractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.”,”published”:”2026-04-20T07:15:12.269Z”,”modified”:”2026-04-20T07:15:12.269Z”,”type”:”cve”,”title”:”TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery”,”source”:”VulDB”,”references”:”https:\/\/vuldb.com\/vuln\/358251\\nhttps:\/\/vuldb.com\/vuln\/358251\/cti\\nhttps:\/\/vuldb.com\/submit\/791084\\nhttps:\/\/gist.github.com\/YLChen-007\/4bb1d709cbb58cee46d839c651d3221f”,”id”:”CVE-2026-6616″,”bulletinFamily”:””,”cwe”:[“CWE-918″],”cvelist”:null,”sourceData”:”TransformerOptimus SuperAGI 0.0.1\\nTransformerOptimus SuperAGI 0.0.2\\nTransformerOptimus SuperAGI 0.0.3\\nTransformerOptimus SuperAGI 0.0.4\\nTransformerOptimus SuperAGI 0.0.5\\nTransformerOptimus SuperAGI 0.0.6\\nTransformerOptimus SuperAGI 0.0.7\\nTransformerOptimus SuperAGI 0.0.8\\nTransformerOptimus SuperAGI 0.0.9\\nTransformerOptimus SuperAGI 0.0.10\\nTransformerOptimus SuperAGI 0.0.11\\nTransformerOptimus SuperAGI 0.0.12\\nTransformerOptimus SuperAGI 0.0.13\\nTransformerOptimus SuperAGI 0.0.14″,”sourceHref”:””,”cvss”:{“score”:5.3,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”SuperAGI”,”version”:”0.0.1″,”vendor”:”TransformerOptimus”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4\/extract_with_3k\/extract_with_lxml of the file superagi\/helper\/webpage_extractor.py of the component WebScraperTool….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,22,12,21,13,7,11,5],"class_list":["post-47969","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-53","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nTransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=47969\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4\/extract_with_3k\/extract_with_lxml of the file superagi\/helper\/webpage_extractor.py of the component WebScraperTool....\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=47969\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-20T03:33:05+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=47969#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=47969\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616\",\"datePublished\":\"2026-04-20T03:33:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=47969\"},\"wordCount\":265,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.3\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=47969#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=47969\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=47969\",\"name\":\"TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-04-20T03:33:05+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=47969#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=47969\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=47969#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=47969","og_locale":"en_US","og_type":"article","og_title":"TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616 - zero redgem","og_description":"{“lastseen”:””,”description”:”A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4\/extract_with_3k\/extract_with_lxml of the file superagi\/helper\/webpage_extractor.py of the component WebScraperTool....","og_url":"https:\/\/zero.redgem.net\/?p=47969","og_site_name":"zero redgem","article_published_time":"2026-04-20T03:33:05+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=47969#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=47969"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616","datePublished":"2026-04-20T03:33:05+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=47969"},"wordCount":265,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.3","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=47969#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=47969","url":"https:\/\/zero.redgem.net\/?p=47969","name":"TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-04-20T03:33:05+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=47969#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=47969"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=47969#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery_CVE-2026-6616"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/47969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=47969"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/47969\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=47969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=47969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=47969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}