AutoGPT Unauthenticated DoS via Disk Space Exhaustion (CVE-2026-33232)

  • Shipped
  • Action required
  • High importance

CVE-2026-33232 documents an unauthenticated denial-of-service path in AutoGPT where a remote attacker can trigger unbounded disk writes, exhausting available storage and taking the service offline. The vulnerability requires no credentials to exploit, lowering the bar for attackers significantly. Rated CVSS 7.5 (High), this flaw is part of a trio of vulnerabilities disclosed on May 19, 2026 alongside CVE-2026-33233 (RCE via pickle) and CVE-2026-33234 (SSRF bypass). Operators running public-facing or multi-tenant AutoGPT deployments are at greatest risk. Applying available patches and restricting unauthenticated access paths are recommended mitigations.