tlder@dev

AutoGPT Discloses Unsafe Pickle Deserialization, DoS, and SSRF Flaws

  • Shipped
  • Action required
  • High importance

CVE-2026-33233 stems from AutoGPT's use of Python's pickle format to serialize agent state: a crafted payload, once deserialized by the agent, can execute arbitrary commands on the host running it. CVE-2026-33232 lets an unauthenticated caller exhaust the available disk space and crash the service. CVE-2026-33234 bypasses the SSRF protections, potentially allowing server-side requests to reach internal infrastructure. All three vulnerabilities were published on May 19. AutoGPT is widely used in automated AI agent pipelines, many of which run with elevated host permissions. The pickle deserialization flaw is especially critical in multi-tenant or shared-infrastructure deployments. Teams running self-hosted AutoGPT instances should review their exposure, restrict network access to the AutoGPT API surface, and watch for an upstream patch release.
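To make the pickle issue concrete for defenders, here is an added example (not AutoGPT's code, and not taken from the advisory) that contrasts the trusting `pickle.loads()` pattern with a loader that only resolves an assumed allowlist of plain-container globals, so any stream naming an unexpected class or function is rejected before it can be called:

```python
import datetime
import io
import pickle

# Assumed allowlist: only plain data containers may be named in a state pickle.
ALLOWED_GLOBALS = {("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any global the stream names that is not on the allowlist.

    pickle.loads() resolves and calls whatever importable name the stream
    asks for, which is what turns a tampered state file into code execution;
    find_class is the documented hook for restricting that lookup.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name} while loading agent state")


def load_agent_state_unsafe(blob: bytes):
    """The pattern the advisory describes: the whole stream is trusted."""
    return pickle.loads(blob)


def load_agent_state(blob: bytes):
    """Hardened loader: same data, globals limited to ALLOWED_GLOBALS."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def demo():
    # Constructed sample state built only from plain containers: passes.
    plain = pickle.dumps({"task": "summarise", "steps": ["fetch", "parse"]})
    # Constructed sample naming a class outside the allowlist. It is harmless,
    # but the loader must reject it exactly as it would an attacker-chosen
    # callable: the check runs before anything in the stream is invoked.
    foreign = pickle.dumps({"started": datetime.datetime(2026, 5, 19)})
    accepted = load_agent_state(plain)
    try:
        load_agent_state(foreign)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return accepted, rejected
```

An allowlisted unpickler narrows the blast radius but does not make pickle a safe wire format; persisting agent state as data-only JSON removes this bug class entirely.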