EUVD-2026-21729

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

CVE-2026-6125

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

CVE-2026-6125 Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

CVE-2026-6125

Affected software: Dromara warm-flow up to version 1.8.4. Vulnerable component: SpelHelper.parseExpression in /warm-flow/save-json of the Workflow Definition Handler. Issue: argument manipulation of listenerPath/skipCondition/permissionFlag enables code injection. Impact: remote attacker could ex...

CVE-2026-6125 Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

CVE-2026-6125

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

Arbitrary Code Injection

Overview AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Arbitrary Code Injection via the installpluginupload function. An attacker can execute unauthorized code and potentially compromise the application by uploading a crafted file to the affected endpoint...

Arbitrary Code Injection

Overview AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Arbitrary Code Injection via the addmcpserver function in the MCP Endpoint component when processing untrusted input in the command argument. An attacker can execute arbitrary system commands by...

GHSA-XR7V-M9PX-Q4QJ MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-6110 FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

CVE-2026-6110

CVE-2026-6110 affects FoundationAgents MetaGPT (Tree-of-Thought Solver) up to version 0.8.1/0.8.2, with the vulnerability located in generate_thoughts (metagpt/strategy/tot.py). The described manipulation enables code injection and remote initiation of an attack. Public exploit content exists and...

CVE-2026-6110 FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

MetaGPT 代码注入漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from the generatethoughts function in the Tree-of-Thought Solver component’s metagpt/strategy/tot.py file, which could lead to...

PT-2026-32143

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A code injection issue exists in FoundationAgents MetaGPT up to version 0.8.1. The issue is located in the generate thoughts function within the metagpt/strategy/tot.py file of the...

Warm-Flow 代码注入漏洞

Warm-Flow is a workflow engine developed by Dromara. Versions of Warm-Flow 1.8.4 and earlier contained a code injection vulnerability. This vulnerability stemmed from the improper handling of parameters listenerPath, skipCondition, and permissionFlag by the SpelHelper.parseExpression function in...

MaxKB 代码注入漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.6.1 contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in the file...

PT-2026-32157

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

MaxKB 代码注入漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.2.1 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file...