VIR Vulnerability Intelligence Relay

Package impact

python PyPI / metagpt

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-6110 critical 9.8 9.8 2mo ago MetaGPT has an eval injection in metagpt/strategy/tot.py python
CVE-2026-5974 critical 9.8 9.8 2mo ago FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/tools/libs/terminal.py python
CVE-2026-5973 critical 9.8 9.8 2mo ago FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/utils/common.py python
CVE-2026-5972 critical 9.8 9.8 2mo ago FoundationAgents MetaGPT vulnerable to os command injection via the Terminal.run_command python
CVE-2026-5971 critical 9.8 9.8 2mo ago A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Exe… python
CVE-2026-5970 critical 9.8 9.8 2mo ago MetaGPT has an Injection issue python
CVE-2026-6109 high 8.8 8.8 2mo ago MetaGPT has an eval injection via a cross-site request forgery attack python
CVE-2026-6111 medium 6.5 6.5 2mo ago MetaGPT affected by server-side request forgery in metagpt/utils/common.py python
CVE-2024-23750 unknown 2y ago MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. python