MetaGPT — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in MetaGPT, with AI-generated Chinese analysis, references, and POCs.

Vendor: Foundation Agents

CVE ID	Title	CVSS	Severity	Published
CVE-2026-6111	FoundationAgents MetaGPT common.py decode_image server-side request forgery CWE-918	6.3	Medium	2026-04-12
CVE-2026-6110	FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection CWE-94	7.3	High	2026-04-12
CVE-2026-6109	FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery CWE-352	4.3	Medium	2026-04-12
CVE-2026-5974	FoundationAgents MetaGPT terminal.py Bash.run os command injection CWE-78	7.3	High	2026-04-09
CVE-2026-5973	FoundationAgents MetaGPT common.py get_mime_type os command injection CWE-78	7.3	High	2026-04-09
CVE-2026-5972	FoundationAgents MetaGPT terminal.py Terminal.run_command os command injection CWE-78	7.3	High	2026-04-09
CVE-2026-5971	FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection CWE-95	7.3	High	2026-04-09
CVE-2026-5970	FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection CWE-94	7.3	High	2026-04-09
CVE-2026-4516	Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection CWE-74	6.3	Medium	2026-03-21
CVE-2026-4515	Foundation Agents MetaGPT operator.py code_generate code injection CWE-94	6.3	Medium	2026-03-21
CVE-2026-0761	Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability CWE-94	9.8	-	2026-01-23
CVE-2026-0760	Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability CWE-502	9.8	-	2026-01-23

All 12 known CVE vulnerabilities affecting MetaGPT with full Chinese analysis, references, and POCs where available.