EUVD-2026-14252
GHSA-xwvj-r2ph-6xqj
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Tags
Description
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
A code injection vulnerability exists in Foundation Agents MetaGPT up to version 0.8.1, specifically in the DataInterpreter component's write_analysis_code.py file, allowing authenticated attackers to inject and execute arbitrary code remotely. The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) with a CVSS score of 6.3 and requires low privileges and no user interaction. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running Foundation Agents MetaGPT and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today