Description
Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the actionoutput_str_to_mapping function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28124.
Published: 2026-01-23
Score: 9.8 Critical
EPSS: 3.4% Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in the actionoutput_str_to_mapping function of Foundation Agents MetaGPT, where a user-supplied string is evaluated as Python code without proper validation. This flaw permits an attacker to inject arbitrary code, leading to remote code execution in the context of the service account. The weakness is classified as code injection (CWE-94), and because no authentication is required, an attacker can exploit it without any prior access credentials.
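As an added illustration of the mitigation class (this is not MetaGPT's code and not a vendor fix), the following parser accepts a mapping string as Python literals only and rejects expressions, calls and bare names instead of evaluating them; the input format, field names and type allowlist are assumptions:

```python
# Added example, not MetaGPT's own code: a hardened string-to-mapping parser that
# accepts Python literals only, in contrast to the eval()-based parsing described
# for CVE-2026-0761. Input format and allowed type names are assumptions.
import ast

# Allowlist of type names the mapping may reference; anything else is rejected
# rather than looked up or evaluated.
ALLOWED_TYPES = {"str": str, "int": int, "float": float, "bool": bool,
                 "list": list, "dict": dict}


def safe_str_to_mapping(text: str) -> dict:
    """Parse "{'field': ('type_name', 'description'), ...}" without eval().

    Raises ValueError for anything that is not a plain literal dict of
    str -> (str, str) entries, so calls, names and attribute access never run.
    """
    try:
        parsed = ast.literal_eval(text)  # literals only; no code is executed
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError(f"not a literal mapping: {exc}") from exc
    if not isinstance(parsed, dict):
        raise ValueError("top-level value must be a dict literal")
    mapping = {}
    for key, value in parsed.items():
        if not isinstance(key, str):
            raise ValueError(f"field name must be a string: {key!r}")
        if (not isinstance(value, tuple) or len(value) != 2
                or not all(isinstance(v, str) for v in value)):
            raise ValueError(f"field {key!r} must be ('type_name', 'description')")
        type_name, description = value
        if type_name not in ALLOWED_TYPES:
            raise ValueError(f"type {type_name!r} is not in the allowlist")
        mapping[key] = (ALLOWED_TYPES[type_name], description)
    return mapping


def is_accepted(text: str) -> bool:
    """True if the string parses under the strict rules, False otherwise."""
    try:
        safe_str_to_mapping(text)
        return True
    except ValueError:
        return False


# Constructed sample inputs (not taken from the advisory).
GOOD_INPUT = "{'Original Requirements': ('str', 'Place the requirement here')}"
# A call inside the literal: literal_eval refuses it, eval() would execute it.
EXPRESSION_INPUT = "{'Original Requirements': (len('str'), 'desc')}"
# A bare name instead of a quoted type: eval() would resolve it to an object.
NAME_INPUT = "{'Original Requirements': (str, 'desc')}"
```

Rejected inputs raise ValueError with a reason, which is also the point to log for the monitoring step recommended under Remediation.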

Affected Systems

Affected installations include the Foundation Agents MetaGPT tool, specifically version 0.8.1 as referenced by its CPE entry. Users running this version should verify the installed package and consider it vulnerable until a fix is applied.

Risk and Exploitability

The CVSS score of 9.8 classifies the flaw as critical, and the EPSS score of 3% indicates a non-negligible likelihood of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Any exposed interface that accepts the actionoutput string is a likely target, and since exploitation requires no authentication, a remote network attacker could compromise the system. The risk remains high until remediation is applied.

Generated by OpenCVE AI on April 18, 2026 at 15:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of MetaGPT as soon as the vendor releases a fix.
  • If a patch is not yet available, restrict unauthenticated access to the MetaGPT service by firewall rules or network segmentation to trusted hosts only.
  • Run MetaGPT within a sandboxed container or virtual environment that limits filesystem and network access, reducing the impact of any potential code execution.
  • Monitor application and system logs for suspicious execution events or unexpected behavior triggered by external input.

Generated by OpenCVE AI on April 18, 2026 at 15:17 UTC.

Advisories

No advisories yet.

History

Fri, 20 Feb 2026 13:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Deepwisdom; Deepwisdom metagpt
CPEs | | cpe:2.3:a:deepwisdom:metagpt:0.8.1:*:*:*:*:*:*:*
Vendors & Products | | Deepwisdom; Deepwisdom metagpt

Fri, 23 Jan 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 23 Jan 2026 16:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Foundation Agents; Foundation Agents metagpt
Vendors & Products | | Foundation Agents; Foundation Agents metagpt

Fri, 23 Jan 2026 04:00:00 +0000

Type | Values Removed | Values Added
Description | | Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the actionoutput_str_to_mapping function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28124.
Title | | Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability
Weaknesses | | CWE-94
References | |
Metrics | | cvssV3_0: {'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-01-23T19:24:12.128Z

Reserved: 2026-01-08T22:49:47.771Z

Link: CVE-2026-0761

Vulnrichment

Updated: 2026-01-23T19:24:02.827Z

NVD

Status: Analyzed

Published: 2026-01-23T04:16:02.847

Modified: 2026-02-20T13:41:55.697

Link: CVE-2026-0761

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:30:03Z

Weaknesses