EUVD-2026-21049
GHSA-wp29-qmvj-frvp
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5Tags
Description
A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The identifier of the patch is d04ffc8dc67903e8b327f78ec121df5e190ffc7b. Applying a patch is the recommended action to fix this issue.
Analysis
Remote code execution in FoundationAgents MetaGPT up to version 0.8.1 allows unauthenticated attackers to execute arbitrary OS commands via improper input validation in the Terminal.run_command function. The vulnerability exploits command injection in metagpt/tools/libs/terminal.py and has publicly available exploit code; patch commit d04ffc8dc67903e8b327f78ec121df5e190ffc7b is available from the vendor.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today