Lucene search
K

155 matches found

Github Security Blog
Github Security Blog
added 2026/04/09 9:31 p.m.5 views

FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/utils/common.py

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

9.8CVSS6.7AI score0.02283EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2026/04/09 9:31 p.m.2 views

GHSA-WP29-QMVJ-FRVP FoundationAgents MetaGPT vulnerable to os command injection via the Terminal.run_command

A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.runcommand in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed ...

7.3CVSS5.2AI score0.02328EPSS
Exploits1References7
OSV
OSV
added 2026/04/09 9:31 p.m.1 views

GHSA-QW5F-QPQ5-PPFG FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/utils/common.py

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

7.3CVSS6.7AI score0.02283EPSS
Exploits1References7
NVD
NVD
added 2026/04/09 8:16 p.m.6 views

CVE-2026-5973

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

9.8CVSS0.02283EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:30 p.m.1 views

CVE-2026-5974

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the...

7.5CVSS6.8AI score0.02241EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2026/04/09 7:30 p.m.16 views

CVE-2026-5974

FoundationAgents MetaGPT

9.8CVSS6.8AI score0.02241EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/04/09 7:30 p.m.22 views

CVE-2026-5974 FoundationAgents MetaGPT terminal.py Bash.run os command injection

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the...

7.5CVSS0.02241EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/09 7:15 p.m.20 views

CVE-2026-5973 FoundationAgents MetaGPT common.py get_mime_type os command injection

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

7.5CVSS0.02283EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:15 p.m.2 views

CVE-2026-5973

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

7.5CVSS6.7AI score0.02283EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 7:15 p.m.1 views

CVE-2026-5973 FoundationAgents MetaGPT common.py get_mime_type os command injection

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

7.5CVSS6.7AI score0.02283EPSS
Exploits1References6
CVE
CVE
added 2026/04/09 7:15 p.m.8 views

CVE-2026-5973

The CVE-2026-5973 entry concerns FoundationAgents MetaGPT up to version 0.8.1. Affected component: the get_mime_type function in metagpt/utils/common.py. Root cause: input handling within that function allows OS command injection, enabling remote execution. Exploit status: public; exploitation po...

9.8CVSS6.7AI score0.02283EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/04/09 7:0 p.m.18 views

CVE-2026-5972

CVE-2026-5972 affects FoundationAgents MetaGPT (up to 0.8.1). The vulnerability lies in Terminal.run_command within metagpt/tools/libs/terminal.py, where input handling allows os command injection. This enables remote exploitation as described in multiple sources. Patch identifier d04ffc8dc67903e...

9.8CVSS6.4AI score0.02328EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 7:0 p.m.1 views

CVE-2026-5972 FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection

A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.runcommand in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed ...

7.5CVSS6.4AI score0.02328EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/09 7:0 p.m.20 views

CVE-2026-5972 FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection

A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.runcommand in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed ...

7.5CVSS0.02328EPSS
Exploits1References6
Snyk
Snyk
added 2026/04/09 6:31 p.m.4 views

Arbitrary Code Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Code Injection via the xmlfill function of the XML Handler. An attacker can execute arbitrary code by injecting malicious input that is improperly neutralized in dynamically evaluated cod...

9.8CVSS7.9AI score0.00387EPSS
Exploits1References2
OSV
OSV
added 2026/04/09 6:31 p.m.2 views

GHSA-3GHP-8R47-4GJ4 FoundationAgents MetaGPT vulnerable to eval injection

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

7.3CVSS6.7AI score0.00387EPSS
Exploits1References7
EUVD
EUVD
added 2026/04/09 6:31 p.m.5 views

EUVD-2026-21004

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

7.5CVSS6.7AI score0.00387EPSS
Exploits1References7
EUVD
EUVD
added 2026/04/09 6:31 p.m.3 views

EUVD-2026-20984

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

7.5CVSS6.8AI score0.00387EPSS
Exploits1References7
OSV
OSV
added 2026/04/09 6:31 p.m.8 views

GHSA-G977-H85W-H2XJ MetaGPT has an Injection issue

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

7.3CVSS6.9AI score0.00387EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/04/09 6:31 p.m.11 views

MetaGPT has an Injection issue

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

9.8CVSS6.9AI score0.00387EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder