Cross-site Request Forgery (CSRF)

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the evaluateCode function in the Mineflayer HTTP API. An attacker can execute unauthorized actions by tricking a user into making unwanted requests. Remediation...

GHSA-W287-WWHF-95VV MetaGPT has an eval injection via a cross-site request forgery attack

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

CVE-2026-6109

The CVE-2026-6109 entry describes a vulnerability in FoundationAgents MetaGPT up to 0.8.1, specifically in the evaluateCode function of metagpt/environment/minecraft/mineflayer/index.js (Mineflayer HTTP API). It enables cross-site request forgery and can be exploited remotely. Public exploit disc...

CVE-2026-6109

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...

PT-2026-32141

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack...