CVE-2026-11455

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

CVE-2026-11455

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

CVE-2026-11455 FoundationAgents MetaGPT common.py check_cmd_exists command injection

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

CVE-2026-11455 FoundationAgents MetaGPT common.py check_cmd_exists command injection

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

CVE-2026-11455

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

CVE-2026-11455

Summary: CVE-2026-11455 affects FoundationAgents MetaGPT up to 0.8.2. The vulnerability targets the function check_cmd_exists in metagpt/utils/common.py, where manipulating the mermaid.path argument enables a command injection. The issue potentially allows remote initiation with a high attack com...

PT-2026-47177

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions prior to 0.8.3 Description Command injection is possible via the mermaid.path argument in the check cmd exists function located in the metagpt/utils/common.py file. This issue allows a remote attacker to execu...

CVE-2026-10566

A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.checkinstructcontent of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has...

CVE-2026-5970

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

CVE-2026-5974

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the...

CVE-2026-10566

A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.checkinstructcontent of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has...

CVE-2026-10566

FoundationAgents MetaGPT (up to 0.8.2) contains a deserialization vulnerability in metagpt/schema.py: Message.check_instruct_content. By manipulating the argument mapping, an attacker can trigger deserialization with local access. An exploit has been publicly released; the project was informed vi...

PT-2026-45684

A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check instruct content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit ha...

CVE-2026-5973

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

CVE-2026-5971

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-6111

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

MetaGPT has an eval injection via a cross-site request forgery attack

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

GHSA-XR7V-M9PX-Q4QJ MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-6111

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...