Lucene search
K

33 matches found

NVD
NVD
added 2026/06/07 9:16 a.m.12 views

CVE-2026-11455

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

5CVSS0.00936EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/07 7:0 a.m.9 views

CVE-2026-11455

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

5CVSS5.2AI score0.00936EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/07 7:0 a.m.37 views

CVE-2026-11455 FoundationAgents MetaGPT common.py check_cmd_exists command injection

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

5CVSS0.00936EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10566

A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.checkinstructcontent of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has...

5.3CVSS5.6AI score0.00122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5970

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

9.8CVSS6.9AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5974

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the...

9.8CVSS7AI score0.02241EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.6 views

CVE-2026-5973

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

9.8CVSS6.7AI score0.02283EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/14 1:22 a.m.7 views

CVE-2026-5971

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

9.8CVSS5.3AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/13 1:22 p.m.3 views

CVE-2026-6111

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS6.2AI score0.00263EPSS
Exploits1References1
OSV
OSV
added 2026/04/12 3:30 a.m.6 views

GHSA-XR7V-M9PX-Q4QJ MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.3CVSS6.7AI score0.00409EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/04/12 3:30 a.m.9 views

MetaGPT has an eval injection via a cross-site request forgery attack

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

8.8CVSS5.3AI score0.00224EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2026/04/12 2:30 a.m.3 views

EUVD-2026-21698

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS6.2AI score0.00263EPSS
Exploits1References6
CVE
CVE
added 2026/04/12 2:30 a.m.16 views

CVE-2026-6111

CVE-2026-6111 affects FoundationAgents MetaGPT (up to at least 0.8.1/0.8.2) and targets the function decode_image in metagpt/utils/common.py . Manipulating the argument img_url_or_b64 enables a server-side request forgery (SSRF) that can be triggered remotely. The CVSS data indicates network acce...

6.5CVSS6.2AI score0.00263EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/12 2:0 a.m.2 views

CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.5CVSS6.8AI score0.00409EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/04/12 2:0 a.m.22 views

CVE-2026-6110

CVE-2026-6110 affects FoundationAgents MetaGPT (Tree-of-Thought Solver) up to version 0.8.1/0.8.2, with the vulnerability located in generate_thoughts (metagpt/strategy/tot.py). The described manipulation enables code injection and remote initiation of an attack. Public exploit content exists and...

9.8CVSS6.8AI score0.00409EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/12 1:30 a.m.3 views

CVE-2026-6109

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

5.3CVSS5.3AI score0.00224EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/04/12 1:30 a.m.21 views

CVE-2026-6109

The CVE-2026-6109 entry describes a vulnerability in FoundationAgents MetaGPT up to 0.8.1, specifically in the evaluateCode function of metagpt/environment/minecraft/mineflayer/index.js (Mineflayer HTTP API). It enables cross-site request forgery and can be exploited remotely. Public exploit disc...

8.8CVSS5.3AI score0.00224EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.11 views

PT-2026-32143

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A code injection issue exists in FoundationAgents MetaGPT up to version 0.8.1. The issue is located in the generate thoughts function within the metagpt/strategy/tot.py file of the...

9.8CVSS7.1AI score0.00409EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.8 views

PT-2026-32141

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

5.3CVSS5.4AI score0.00224EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/09 9:31 p.m.6 views

EUVD-2026-21049

A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.runcommand in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed ...

7.5CVSS6.4AI score0.02328EPSS
Exploits1References7
Rows per page
Query Builder