Skip to main content

Metagpt EUVDEUVD-2026-21696

| CVE-2026-6110 MEDIUM
Code Injection (CWE-94)
2026-04-12 VulDB GHSA-xr7v-m9px-q4qj
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

9
PoC Detected
Apr 30, 2026 - 14:55 vuln.today
Public exploit code
CVSS changed
Apr 29, 2026 - 01:11 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
Severity Changed
Apr 12, 2026 - 03:22 NVD
HIGH MEDIUM
CVSS changed
Apr 12, 2026 - 03:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)
Analysis Generated
Apr 12, 2026 - 02:49 vuln.today
EUVD ID Assigned
Apr 12, 2026 - 02:45 euvd
EUVD-2026-21696
Analysis Generated
Apr 12, 2026 - 02:45 vuln.today
Patch released
Apr 12, 2026 - 02:45 nvd
Patch available
CVE Published
Apr 12, 2026 - 02:00 nvd
MEDIUM 5.5

DescriptionCVE.org

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Code injection in FoundationAgents MetaGPT versions up to 0.8.1 allows unauthenticated remote attackers to execute arbitrary code via the Tree-of-Thought Solver's generate_thoughts function. Publicly available exploit code exists (GitHub issue #1933), and a vendor-supplied patch is available via pull request #1946. The vulnerability requires no user interaction and has low attack complexity, with confirmed impact to confidentiality, integrity, and availability. CVSS 7.3 (High) reflects moderate impact across all CIA triad elements.

Technical ContextAI

MetaGPT is an AI agent framework that implements advanced reasoning patterns including Tree-of-Thought (ToT) solving. The vulnerable function generate_thoughts in metagpt/strategy/tot.py (CWE-94: Improper Control of Generation of Code) accepts externally-influenced input that is dynamically evaluated or executed without adequate sanitization. Tree-of-Thought is a cognitive framework for LLM reasoning that explores multiple solution paths; the implementation flaw allows attackers to inject malicious code into the thought generation process. The affected CPE (cpe:2.3:a:foundationagents:metagpt) indicates all versions through 0.8.1 contain this flaw. Code injection vulnerabilities of this class typically arise from unsafe use of eval(), exec(), or similar dynamic code execution primitives on attacker-controlled data.

RemediationAI

Apply the vendor-supplied patch available via GitHub pull request at https://github.com/FoundationAgents/MetaGPT/pull/1946, which addresses the code injection vulnerability in the Tree-of-Thought solver. Organizations should review the PR changes, test compatibility with existing workflows, and upgrade to a version incorporating this fix once officially released. Until a tagged release version incorporating PR #1946 is available, development teams may apply the patch manually or build from the patched source branch. As an interim mitigation, restrict network access to MetaGPT instances, implement input validation on any data passed to the Tree-of-Thought solver, and monitor for suspicious code execution patterns. Consider disabling the ToT strategy module entirely if not operationally required. Consult the vendor issue tracker at https://github.com/FoundationAgents/MetaGPT/issues/1933 for updates on formal release timelines.

CVE-2024-23750 HIGH POC
8.8 Jan 22

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell met

CVE-2026-0761 CRITICAL
9.8 Jan 23

MetaGPT has a code injection vulnerability in actionoutput_str_to_mapping (EPSS 2.6%) allowing remote attackers to execu

CVE-2026-0760 CRITICAL
9.8 Jan 23

MetaGPT by Foundation Agents has an insecure deserialization in deserialize_message (EPSS 1.7%) enabling remote code exe

CVE-2026-5973 MEDIUM POC
5.5 Apr 09

Remote command injection in FoundationAgents MetaGPT versions 0.8.0 and 0.8.1 via the get_mime_type function in metagpt/

CVE-2026-5972 MEDIUM POC
5.5 Apr 09

Remote code execution in FoundationAgents MetaGPT up to version 0.8.1 allows unauthenticated attackers to execute arbitr

CVE-2026-5971 MEDIUM POC
5.5 Apr 09

Remote code injection in FoundationAgents MetaGPT up to version 0.8.1 allows unauthenticated attackers to execute arbitr

CVE-2026-5970 MEDIUM POC
5.5 Apr 09

Code injection in FoundationAgents MetaGPT versions up to 0.8.1 allows unauthenticated remote attackers to execute arbit

CVE-2026-5974 MEDIUM
6.9 Apr 09

Remote command injection in FoundationAgents MetaGPT versions up to 0.8.1 allows unauthenticated network attackers to ex

CVE-2026-6111 LOW POC
2.1 Apr 12

Server-side request forgery (SSRF) in FoundationAgents MetaGPT up to version 0.8.1 allows authenticated remote attackers

CVE-2026-4516 LOW POC
2.1 Mar 21

A code injection vulnerability exists in Foundation Agents MetaGPT up to version 0.8.1, specifically in the DataInterpre

CVE-2026-4515 LOW POC
2.1 Mar 21

A code injection vulnerability exists in Foundation Agents MetaGPT versions up to 0.8.1 within the code_generate functio

CVE-2026-6109 LOW POC
2.1 Apr 12

Cross-site request forgery in FoundationAgents MetaGPT through version 0.8.1 allows unauthenticated remote attackers to

Share

EUVD-2026-21696 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy