MetaGPT — Vulnerabilities & Security Advisories (14)

All 14 CVE vulnerabilities found in MetaGPT, with AI-generated Chinese analysis, references, and POCs.

This page catalogs known software vulnerabilities affecting MetaGPT, a multi-agent framework for software engineering that automates the software development lifecycle using large language models. The collected entries cover Common Weakness Enumerations (CWEs) and associated identifiers released from January 2023 through the present date, focusing on disclosed security issues that impact the integrity, availability, or confidentiality of the system. Users can utilize this resource to track vendor security advisories, understand the prevalence and characteristics of specific weakness classes within the MetaGPT ecosystem, and look up the historical vulnerability profile of the product to assess risk exposure over time. The aggregation includes data on input validation flaws, access control misconfigurations, and other common software defects that have been publicly reported or patched. By centralizing this information, the page provides a structured overview for security analysts, developers, and compliance officers to evaluate the security posture of MetaGPT deployments. The data is sourced from public vulnerability databases and official release notes, ensuring that the listed weaknesses reflect verified incidents rather than speculative threats. This compilation does not include internal or unreported findings, but rather serves as a reference for existing, documented security concerns. Readers are encouraged to consult the original sources for detailed remediation steps and technical advisories related to each specific entry.

Vendor: Foundation Agents

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-11455 | FoundationAgents MetaGPT common.py check_cmd_exists command injection | CWE-77 | 5.0 | Medium | 2026-06-07 |
| CVE-2026-10566 | FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization | CWE-502 | 5.3 | Medium | 2026-06-02 |
| CVE-2026-6111 | FoundationAgents MetaGPT common.py decode_image server-side request forgery | CWE-918 | 6.3 | Medium | 2026-04-12 |
| CVE-2026-6110 | FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection | CWE-94 | 7.3 | High | 2026-04-12 |
| CVE-2026-6109 | FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery | CWE-352 | 4.3 | Medium | 2026-04-12 |
| CVE-2026-5974 | FoundationAgents MetaGPT terminal.py Bash.run os command injection | CWE-78 | 7.3 | High | 2026-04-09 |
| CVE-2026-5973 | FoundationAgents MetaGPT common.py get_mime_type os command injection | CWE-78 | 7.3 | High | 2026-04-09 |
| CVE-2026-5972 | FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection | CWE-78 | 7.3 | High | 2026-04-09 |
| CVE-2026-5971 | FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection | CWE-95 | 7.3 | High | 2026-04-09 |
| CVE-2026-5970 | FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection | CWE-94 | 7.3 | High | 2026-04-09 |
| CVE-2026-4516 | Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection | CWE-74 | 6.3 | Medium | 2026-03-21 |
| CVE-2026-4515 | Foundation Agents MetaGPT operator.py code_generate code injection | CWE-94 | 6.3 | Medium | 2026-03-21 |
| CVE-2026-0761 | Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability | CWE-94 | 9.8 | - | 2026-01-23 |
| CVE-2026-0760 | Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability | CWE-502 | 9.8 | - | 2026-01-23 |
