Platform
python
Component
metagpt
Fixed in
0.8.1
0.8.2
A code injection vulnerability has been identified in MetaGPT, affecting versions 0.8.0 through 0.8.1. This flaw resides within the code_generate function of the operator.py file, allowing attackers to potentially execute arbitrary code. The vulnerability is exploitable remotely and a public exploit is already available, highlighting the urgency of remediation. The vendor has not yet acknowledged or responded to the disclosure.
Successful exploitation of CVE-2026-4515 allows an attacker to inject and execute arbitrary code on a system running vulnerable MetaGPT instances. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. Given the remote accessibility of the vulnerability and the availability of a public exploit, the potential for widespread exploitation is significant. The impact is amplified if MetaGPT is integrated into critical workflows or processes, as an attacker could leverage this vulnerability to disrupt operations or gain access to sensitive information.
This vulnerability was publicly disclosed on 2026-03-21. The existence of a public proof-of-concept significantly increases the risk of exploitation. The lack of response from the vendor raises concerns about the timeliness of a patch. The vulnerability is not currently listed on CISA KEV, and an EPSS score is pending evaluation, but the public exploit suggests a medium to high probability of exploitation.
Organizations utilizing MetaGPT in automated workflows, particularly those involving external data sources or user-provided input, are at heightened risk. Systems running MetaGPT in production environments without proper security controls or monitoring are also particularly vulnerable. Shared hosting environments where multiple users share the same MetaGPT instance could facilitate lateral movement if one instance is compromised.
• python / server: Check the installed MetaGPT version against the affected range. The original check compared version strings lexicographically and treated a missing package as a missing pip binary; the version is now parsed into a numeric tuple and the pip exit status is handled.

```python
import subprocess
import sys

VULNERABLE_MIN = (0, 8, 0)
VULNERABLE_MAX = (0, 8, 1)

def parse_version(text):
    # Turn "0.8.1" into (0, 8, 1) so the range check is numeric, not lexicographic.
    return tuple(int(part) for part in text.split('.')[:3] if part.isdigit())

def check_metagpt_version():
    try:
        # Ask the current interpreter's pip so the right environment is inspected.
        result = subprocess.check_output(
            [sys.executable, '-m', 'pip', 'show', 'metagpt'], stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError:
        # pip show exits non-zero when the package is not installed.
        print("MetaGPT is not installed.")
        return
    except Exception as e:
        print(f"Error checking MetaGPT version: {e}")
        return
    version = None
    for line in result.decode('utf-8').splitlines():
        if line.startswith('Version:'):
            version = line.split(':', 1)[1].strip()
            break
    if version is None:
        print("Could not determine MetaGPT version.")
        return
    if VULNERABLE_MIN <= parse_version(version) <= VULNERABLE_MAX:
        print(f"MetaGPT version {version} is vulnerable to CVE-2026-4515")
    else:
        print(f"MetaGPT version {version} is not vulnerable.")

check_metagpt_version()
```

• python / supply-chain: Examine Python dependencies for unusual or unexpected packages that might be exploiting the vulnerability.
• generic web: Monitor access logs for requests targeting metagpt/ext/aflow/scripts/operator.py with unusual parameters.
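The access-log monitoring from the generic web item above, worked through as an added example that is not part of this advisory or of the MetaGPT project: it parses combined-format log lines, keeps only requests that reference operator.py, and flags parameters that carry code-like tokens or are oversized. The sample log lines, the /aflow/run path, the parameter names and the token list are constructed assumptions, not MetaGPT's real endpoints.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Mar/2026:10:01:12 +0000] "GET /health HTTP/1.1" 200 15 "-" "curl/8.0"',
    '10.0.0.7 - - [21/Mar/2026:10:02:44 +0000] "POST /aflow/run?script=metagpt/ext/aflow/scripts/operator.py&instruction=summarise%20the%20text HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '203.0.113.9 - - [21/Mar/2026:10:03:01 +0000] "POST /aflow/run?script=metagpt/ext/aflow/scripts/operator.py&instruction=import%20os%3B%20os.system(%27id%27) HTTP/1.1" 200 88 "-" "python-requests/2.31"',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Assumed indicators of code-like content in a request parameter; tune to the deployment.
CODE_TOKENS = ('__import__', 'import ', 'exec(', 'eval(', 'os.system', 'subprocess', 'open(')
WATCHED_PATH = 'operator.py'   # file named in the advisory
MAX_PARAM_LEN = 200            # assumed upper bound for a legitimate instruction

def parse_line(line):
    """Split one combined-format log line into its request fields, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group('target'))
    params = parse_qsl(parts.query, keep_blank_values=True)
    return {'ip': m.group('ip'), 'ts': m.group('ts'), 'method': m.group('method'),
            'path': parts.path, 'params': params, 'status': int(m.group('status'))}

def suspicious_reasons(req):
    """Return why a parsed request looks unusual; [] if it does not reference operator.py."""
    texts = [req['path']] + [f'{k}={v}' for k, v in req['params']]
    if not any(WATCHED_PATH in unquote(t) for t in texts):
        return []
    reasons = []
    for key, value in req['params']:
        decoded = unquote(value)   # second decode catches double-encoded values
        if any(tok in decoded for tok in CODE_TOKENS):
            reasons.append(f'code-like content in parameter {key!r}')
        if len(decoded) > MAX_PARAM_LEN:
            reasons.append(f'oversized parameter {key!r} ({len(decoded)} chars)')
    return reasons

def scan(lines):
    """Return (ip, timestamp, reasons) for each request that deserves an analyst's attention."""
    hits = []
    for line in lines:
        req = parse_line(line)
        if req and (reasons := suspicious_reasons(req)):
            hits.append((req['ip'], req['ts'], reasons))
    return hits

if __name__ == '__main__':
    for ip, ts, reasons in scan(SAMPLE_LOG):
        print(f'{ts} {ip}: {"; ".join(reasons)}')
```

Only the third constructed line is reported; the benign operator.py request with a plain instruction passes, so the check keys on parameter content rather than on the path alone.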
disclosure
Exploit Status
EPSS
0.05% (14th percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2026-4515 is to upgrade to a patched version of MetaGPT as soon as it becomes available. Since a fixed version is not yet specified, consider isolating vulnerable instances to limit potential exposure. While a direct fix awaits, review the metagpt/ext/aflow/scripts/operator.py file for any unusual or unexpected code execution patterns. Implement strict input validation and sanitization for any data passed to the code_generate function to reduce the attack surface. After upgrading, confirm the fix by attempting to trigger the code injection vulnerability and verifying that it is no longer exploitable.
Update the MetaGPT library to a version later than 0.8.1 that fixes the code injection vulnerability. If no such version is available, consider applying a patch to the code_generate function in the file metagpt/ext/aflow/scripts/operator.py to prevent code injection.
CVE-2026-4515 is a code injection vulnerability affecting MetaGPT versions 0.8.0–0.8.1. It allows attackers to execute arbitrary code remotely through the code_generate function.
You are affected if you are running MetaGPT versions 0.8.0 or 0.8.1. Check your installed version using pip show metagpt.
Upgrade to a patched version of MetaGPT as soon as it becomes available. Until then, isolate vulnerable instances and implement strict input validation.
A public exploit exists, indicating a high probability of active exploitation. Monitor your systems closely.
As of the disclosure date, the vendor has not released an official advisory. Monitor the MetaGPT project's website and GitHub repository for updates.