Lucene search
+L

75 matches found

Github Security Blog
Github Security Blog
added 2026/04/12 3:30 a.m.10 views

MetaGPT has an eval injection via a cross-site request forgery attack

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

8.8CVSS5.3AI score0.00224EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2026/04/12 3:16 a.m.6 views

CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

9.8CVSS0.00409EPSS
Exploits1References6
NVD
NVD
added 2026/04/12 3:16 a.m.3 views

CVE-2026-6111

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS0.00263EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/12 2:30 a.m.3 views

EUVD-2026-21698

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS6.2AI score0.00263EPSS
Exploits1References6
OSV
OSV
added 2026/04/12 2:30 a.m.3 views

CVE-2026-6111 FoundationAgents MetaGPT common.py decode_image server-side request forgery

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

5.3CVSS6.1AI score0.00263EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/04/12 2:30 a.m.3 views

CVE-2026-6111 FoundationAgents MetaGPT common.py decode_image server-side request forgery

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS6.2AI score0.00263EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/12 2:30 a.m.1 views

CVE-2026-6111

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS6.2AI score0.00263EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/04/12 2:30 a.m.19 views

CVE-2026-6111

CVE-2026-6111 affects FoundationAgents MetaGPT (up to at least 0.8.1/0.8.2) and targets the function decode_image in metagpt/utils/common.py . Manipulating the argument img_url_or_b64 enables a server-side request forgery (SSRF) that can be triggered remotely. The CVSS data indicates network acce...

6.5CVSS6.2AI score0.00263EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/04/12 2:16 a.m.7 views

CVE-2026-6109

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

8.8CVSS0.00224EPSS
Exploits1References5
OSV
OSV
added 2026/04/12 2:0 a.m.3 views

CVE-2026-6110 FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

6.9CVSS6.7AI score0.00409EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/04/12 2:0 a.m.3 views

CVE-2026-6110 FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.5CVSS5.5AI score0.00409EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/12 2:0 a.m.2 views

CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.5CVSS6.8AI score0.00409EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/04/12 2:0 a.m.27 views

CVE-2026-6110

CVE-2026-6110 affects FoundationAgents MetaGPT (Tree-of-Thought Solver) up to version 0.8.1/0.8.2, with the vulnerability located in generate_thoughts (metagpt/strategy/tot.py). The described manipulation enables code injection and remote initiation of an attack. Public exploit content exists and...

9.8CVSS6.8AI score0.00409EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/12 1:30 a.m.3 views

CVE-2026-6109

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

5.3CVSS5.3AI score0.00224EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/12 1:30 a.m.4 views

CVE-2026-6109 FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

5.3CVSS5.4AI score0.00224EPSS
Exploits1References7
CVE
CVE
added 2026/04/12 1:30 a.m.23 views

CVE-2026-6109

The CVE-2026-6109 entry describes a vulnerability in FoundationAgents MetaGPT up to 0.8.1, specifically in the evaluateCode function of metagpt/environment/minecraft/mineflayer/index.js (Mineflayer HTTP API). It enables cross-site request forgery and can be exploited remotely. Public exploit disc...

8.8CVSS5.3AI score0.00224EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.11 views

PT-2026-32141

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A cross-site request forgery issue exists in FoundationAgents MetaGPT up to version 0.8.1. The issue is located in the evaluateCode function of the...

8.8CVSS5.9AI score0.00224EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.14 views

PT-2026-32143

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A code injection issue exists in FoundationAgents MetaGPT up to version 0.8.1. The issue is located in the generate thoughts function within the metagpt/strategy/tot.py file of the...

9.8CVSS7.1AI score0.00409EPSS
Exploits1References16
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.5 views

CVE-2026-5972

A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.runcommand in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed ...

9.8CVSS6.4AI score0.02328EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/09 9:31 p.m.9 views

EUVD-2026-21072

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the...

7.5CVSS6.8AI score0.02241EPSS
Exploits1References7
Rows per page
Query Builder