CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/04/14 1:22 a.m.•2 views

CVE-2026-5971

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

9.8CVSS5.3AI score0.0009EPSS

RedhatCVE•added 2026/04/13 7:24 p.m.•2 views

CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

9.8CVSS5.5AI score0.00092EPSS

RedhatCVE•added 2026/04/13 1:22 p.m.•1 views

CVE-2026-6111

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

Github Security Blog•added 2026/04/12 3:30 a.m.•6 views

MetaGPT has an eval injection via a cross-site request forgery attack

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

8.8CVSS5.3AI score0.00012EPSS

Exploits1References7Affected Software1

OSV•added 2026/04/12 3:30 a.m.•2 views

GHSA-XR7V-M9PX-Q4QJ MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.3CVSS6.7AI score0.00092EPSS

Exploits1References7

NVD•added 2026/04/12 3:16 a.m.•2 views

CVE-2026-6110

9.8CVSS0.00092EPSS

NVD•added 2026/04/12 3:16 a.m.•1 views

CVE-2026-6111

6.5CVSS0.00015EPSS

EUVD•added 2026/04/12 2:30 a.m.•0 views

EUVD-2026-21698

Vulnrichment•added 2026/04/12 2:30 a.m.•1 views

CVE-2026-6111 FoundationAgents MetaGPT common.py decode_image server-side request forgery

ATTACKERKB•added 2026/04/12 2:30 a.m.•0 views

CVE-2026-6111

CVE•added 2026/04/12 2:30 a.m.•9 views

CVE-2026-6111

CVE-2026-6111 affects FoundationAgents MetaGPT (up to at least 0.8.1/0.8.2) and targets the function decode_image in metagpt/utils/common.py . Manipulating the argument img_url_or_b64 enables a server-side request forgery (SSRF) that can be triggered remotely. The CVSS data indicates network acce...

NVD•added 2026/04/12 2:16 a.m.•1 views

CVE-2026-6109

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

8.8CVSS0.00012EPSS

Exploits1References5

Vulnrichment•added 2026/04/12 2:0 a.m.•1 views

CVE-2026-6110 FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

7.5CVSS5.5AI score0.00092EPSS

ATTACKERKB•added 2026/04/12 2:0 a.m.•1 views

CVE-2026-6110

7.5CVSS6.8AI score0.00092EPSS

CVE•added 2026/04/12 2:0 a.m.•6 views

CVE-2026-6110

CVE-2026-6110 affects FoundationAgents MetaGPT (Tree-of-Thought Solver) up to version 0.8.1/0.8.2, with the vulnerability located in generate_thoughts (metagpt/strategy/tot.py). The described manipulation enables code injection and remote initiation of an attack. Public exploit content exists and...

9.8CVSS6.8AI score0.00092EPSS