metagpt
PyPI
9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting metagpt
- CVE-2024-23750 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 0.6.5 | 2024-01-22
vulnerable: 0.1 ... 0.6.4 (11 versions)
MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen.
- CVE-2026-5970 | HIGH | CVSS 7.3 | EG 7.3 | 2026-04-09
vulnerable: 0.1 ... 0.8.1 (29 versions)
A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initia…
- CVE-2026-5971 | HIGH | CVSS 7.3 | EG 7.3 | 2026-04-09
vulnerable: 0.1 ... 0.8.1 (29 versions)
A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improp…
- CVE-2026-5972 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 0.8.2 | 2026-04-09
vulnerable: 0.1 ... 0.8.1 (29 versions)
A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation…
- CVE-2026-5973 | HIGH | CVSS 7.3 | EG 7.3 | 2026-04-09
vulnerable: 0.1 ... 0.8.1 (29 versions)
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The explo…
- CVE-2026-5974 | HIGH | CVSS 7.3 | EG 7.3 | 2026-04-09
vulnerable: 0.1 ... 0.8.1 (29 versions)
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to b…
- CVE-2026-6109 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-04-12
vulnerable: 0.1 ... 0.8.2 (30 versions)
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manip…
- CVE-2026-6110 | HIGH | CVSS 7.3 | EG 7.3 | 2026-04-12
vulnerable: 0.1 ... 0.8.2 (30 versions)
A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It i…
- CVE-2026-6111 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-04-12
vulnerable: 0.1 ... 0.8.2 (30 versions)
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery…