Platform
python
Component
metagpt
Fixed in
0.8.1
0.8.2
0.8.3
A code injection vulnerability has been discovered in MetaGPT FoundationAgents versions up to 0.8.2. This flaw resides within the generate_thoughts function of the metagpt/strategy/tot.py file, a component of the Tree-of-Thought Solver. Successful exploitation allows attackers to inject and execute arbitrary code, potentially compromising the system. While the project was notified, a response is pending.
The impact of this vulnerability is significant due to the remote nature of the exploit and the availability of a public proof-of-concept. An attacker could leverage this code injection to gain complete control over the MetaGPT instance, potentially exfiltrating sensitive data, modifying system configurations, or launching further attacks against other systems accessible from the compromised environment. The ability to remotely trigger code execution without authentication drastically increases the attack surface and potential for widespread compromise. This vulnerability shares similarities with other code injection flaws where attackers can bypass security controls by injecting malicious code into trusted processes.
This vulnerability is publicly known with a proof-of-concept available, indicating a higher risk of exploitation. It has been added to the CISA KEV catalog, signifying a significant threat. Public exploitation is likely, and security teams should prioritize remediation. The vulnerability was disclosed on 2026-04-11.
Exploit Status
EPSS
0.07% (21% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade MetaGPT FoundationAgents to a version that addresses this vulnerability. As a fix is not yet available, consider implementing temporary workarounds to reduce the attack surface. These might include restricting network access to the MetaGPT instance, implementing strict input validation on data passed to the generatethoughts function, and closely monitoring system logs for suspicious activity. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests. After upgrading, confirm the fix by attempting to trigger the generatethoughts function with crafted input and verifying that the code injection is prevented.
The code injection vulnerability in the generate_thoughts function of tot.py can be mitigated by carefully reviewing and validating the input provided to this function to prevent the execution of malicious code. It is recommended to update to a patched version as soon as it is available.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-6110 is a code injection vulnerability affecting MetaGPT FoundationAgents versions up to 0.8.2. It allows attackers to remotely execute arbitrary code by manipulating the generate_thoughts function.
You are affected if you are using MetaGPT FoundationAgents version 0.8.2 or earlier. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of MetaGPT FoundationAgents. As a fix is not yet available, implement temporary workarounds like restricting network access and input validation.
A public exploit is available, indicating a high probability of active exploitation. Security teams should prioritize remediation.
Refer to the MetaGPT project's official channels (GitHub repository, website) for updates and advisories regarding CVE-2026-6110.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.