CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

141 matches found

CVE-2026-10566

A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.checkinstructcontent of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has...

5.3CVSS0.00023EPSS

Exploits0References6

ATTACKERKB•added 2 days ago•4 views

CVE-2026-10566

5.3CVSS5.7AI score0.00023EPSS

Exploits0References6Affected Software1

Cvelist•added 2 days ago•32 views

CVE-2026-10566 FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization

5.3CVSS0.00023EPSS

Exploits0References6

CVE•added 2 days ago•7 views

CVE-2026-10566

FoundationAgents MetaGPT (up to 0.8.2) contains a deserialization vulnerability in metagpt/schema.py: Message.check_instruct_content. By manipulating the argument mapping, an attacker can trigger deserialization with local access. An exploit has been publicly released; the project was informed vi...

5.3CVSS5.7AI score0.00023EPSS

Exploits0References6

Positive Technologies•added 2 days ago•9 views

PT-2026-45684

A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check instruct content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit ha...

5.3CVSS5.7AI score0.00023EPSS

Exploits0References7

RedhatCVE•added 2026/04/14 7:23 p.m.•2 views

CVE-2026-5973

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

9.8CVSS6.7AI score0.0053EPSS

Exploits1References1

RedhatCVE•added 2026/04/14 1:22 a.m.•2 views

CVE-2026-5971

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xmlfill of the file metagpt/actions/actionnode.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated cod...

9.8CVSS5.3AI score0.0009EPSS

Exploits1References1

RedhatCVE•added 2026/04/13 7:24 p.m.•2 views

CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

9.8CVSS5.5AI score0.00092EPSS

Exploits1References1

RedhatCVE•added 2026/04/13 1:22 p.m.•1 views

CVE-2026-6111

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5CVSS6.2AI score0.00015EPSS

Exploits1References1

Snyk•added 2026/04/12 3:30 a.m.•2 views

Server-side Request Forgery (SSRF)

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the decodeimage function in the file metagpt/utils/common.py when processing the imgurlorb64 argument. An attacker can access internal resources or perform...

6.5CVSS6.2AI score0.00015EPSS

Exploits1References2

OSV•added 2026/04/12 3:30 a.m.•2 views

GHSA-R5V8-C28H-F8R8 MetaGPT affected by server-side request forgery in metagpt/utils/common.py

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.3CVSS6.2AI score0.00015EPSS

Exploits1References7

Snyk•added 2026/04/12 3:30 a.m.•0 views

Cross-site Request Forgery (CSRF)

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the evaluateCode function in the Mineflayer HTTP API. An attacker can execute unauthorized actions by tricking a user into making unwanted requests. Remediation...

8.8CVSS4.9AI score0.00012EPSS

Exploits1References2

OSV•added 2026/04/12 3:30 a.m.•1 views

GHSA-W287-WWHF-95VV MetaGPT has an eval injection via a cross-site request forgery attack

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

5.3CVSS5.3AI score0.00012EPSS

Exploits1References6

OSV•added 2026/04/12 3:30 a.m.•2 views

GHSA-XR7V-M9PX-Q4QJ MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.3CVSS6.7AI score0.00092EPSS

Exploits1References7