Description
A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via code injection
Action: Patch if available
AI Analysis

Impact

A flaw in the code_generate function of MetaGPT’s operator.py allows an attacker to inject arbitrary code. When the vulnerable method processes user input, the injected code can be executed by the running instance, giving the attacker remote code execution. This can lead to full compromise of the server, data exfiltration, or further lateral movement. The weakness is classified as CWE-74 (Injection) and CWE-94 (Improper Control of Generation of Code, i.e. Code Injection).

Affected Systems

The vulnerability affects Foundation Agents’ MetaGPT application up to version 0.8.1. Users running any of those releases are potentially exposed; no other versions are listed as affected.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, while no EPSS score is available and the vulnerability is not in the CISA KEV catalog. The description states the attack can be initiated remotely, implying an internet-exposed or network-accessible instance may be exploited. Because a public exploit is already available, the risk is tangible for unpatched systems.

Generated by OpenCVE AI on March 21, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for a newer MetaGPT version released after 0.8.1 and upgrade if one is available.
  • If an upgrade is not yet available, limit the exposure of the MetaGPT instance by restricting network access and ensuring only trusted users can invoke the code_generate function.
  • Configure application logs to capture all code generation requests and monitor for unusual activity.
  • Consider disabling or hardening the code_generate endpoint until a patch is released, and report the issue again to the vendor to expedite a fix.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Foundation Agents; Foundation Agents metagpt

Type: Vendors & Products
Values Removed: (none)
Values Added: Foundation Agents; Foundation Agents metagpt

Sat, 21 Mar 2026 11:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Type: Title
Values Removed: (none)
Values Added: Foundation Agents MetaGPT operator.py code_generate code injection

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-74; CWE-94

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics
Values Removed: (none)
Values Added:
cvssV2_0
{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0
{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1
{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0
{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Foundation Agents Metagpt
MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-24T14:09:01.018Z

Reserved: 2026-03-20T14:40:24.899Z

Link: CVE-2026-4515

Vulnrichment

Updated: 2026-03-24T14:08:54.623Z

NVD

Status : Awaiting Analysis

Published: 2026-03-21T12:16:19.933

Modified: 2026-03-23T14:31:37.267

Link: CVE-2026-4515

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:41:14Z

Weaknesses