Skip to main content
CVE-2026-6118 LOW POC Monitor

Command injection in AstrBot's MCP endpoint handler (add_mcp_server function) allows authenticated remote attackers to execute arbitrary system commands via the command parameter. Versions up to 4.22.1 are affected. The vulnerability is publicly disclosed with exploit code available on GitHub, and the vendor has not released a patch despite early notification.

Command Injection Astrbot
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.9%
CVE-2026-6108 LOW POC Monitor

OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary operating system commands through manipulation of the Model Context Protocol Node's execute function in base_mcp_node.py, with publicly available exploit code and vendor-released patches available for remediation.

Command Injection Maxkb
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-6125 LOW POC PATCH GHSA Monitor

Remote code injection in Dromara warm-flow up to version 1.8.4 allows authenticated attackers to execute arbitrary code through the SpelHelper.parseExpression function via manipulation of listenerPath, skipCondition, or permissionFlag parameters in the Workflow Definition Handler. The vulnerability uses SpEL (Spring Expression Language) injection to achieve code execution with CVSS 6.3 severity. Publicly available exploit code exists and the flaw has been documented in the project's issue tracker.

Code Injection RCE Warm Flow
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6111 LOW POC PATCH GHSA Monitor

Server-side request forgery (SSRF) in FoundationAgents MetaGPT up to version 0.8.1 allows authenticated remote attackers to conduct arbitrary requests via manipulation of the img_url_or_b64 parameter in the decode_image function of metagpt/utils/common.py. Publicly available exploit code exists, and a vendor patch has been released. The vulnerability carries a CVSS score of 6.3 with low confidentiality, integrity, and availability impact, but requires low-level authentication to exploit.

SSRF Metagpt
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6117 LOW POC Monitor

AstrBot versions up to 4.22.1 allow authenticated remote attackers to bypass sandbox restrictions via malicious file uploads to the install-upload endpoint (install_plugin_upload function), enabling arbitrary code execution with limited information disclosure and integrity impact. The vulnerability exists in the plugin installation mechanism and has publicly available exploit code; the vendor has been notified but has not yet responded with a patch.

Information Disclosure Astrbot
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6119 LOW POC Monitor

Server-side request forgery (SSRF) in AstrBot API endpoint post_data.get allows authenticated remote attackers to perform arbitrary HTTP requests from the server, potentially exposing internal services or enabling data exfiltration. AstrBot versions up to 4.22.1 are affected. Publicly available exploit code exists, though vendor response remains pending despite early notification.

SSRF Astrbot
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6109 LOW POC GHSA Monitor

Cross-site request forgery in FoundationAgents MetaGPT through version 0.8.1 allows unauthenticated remote attackers to perform unauthorized actions via the evaluateCode function in the Mineflayer HTTP API component. The vulnerability requires user interaction (UI:R) and has limited integrity impact, but publicly available exploit code exists and the vendor has not yet responded to early notification.

CSRF Metagpt
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy