Description
A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-12
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

A flaw affecting FoundationAgents MetaGPT up to version 0.8.1 allows code injection through the generate_thoughts function in tot.py. The description indicates that manipulation of this function leads to code injection, which can be triggered remotely. Based on the description, it is inferred that an attacker can craft malicious input that is evaluated by the system, resulting in the execution of arbitrary code and full compromise of the host running MetaGPT.

Affected Systems

All installations of FoundationAgents MetaGPT versions ≤0.8.1 contain the vulnerable code in the Tree‑of‑Thought Solver component. The flaw resides in tot.py, and any deployment that imports or uses generate_thoughts is potentially exposed. No patch or mitigation is available from the vendor at this time, so the issue remains active for all affected releases.

Risk and Exploitability

The CVSS score of 6.9 denotes moderate severity, yet the vulnerability permits remote code execution. The exploit code is publicly available and may be employed by attackers. Although an EPSS score is not published, the combination of remote accessibility and lack of vendor response raises the likelihood of exploitation. It is inferred that the attack vector is remote exploitation of services that expose the vulnerable function. The vulnerability is not yet listed in the CISA KEV catalog, but the potential for critical impact warrants high priority action.

Generated by OpenCVE AI on April 12, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a MetaGPT release newer than 0.8.1 once a fix becomes available
  • Validate and sanitize all input that reaches the Tree‑of‑Thought Solver to prevent code injection
  • Monitor application logs and host activity for indicators of unintended code execution and employ intrusion detection to flag anomalous behavior

Generated by OpenCVE AI on April 12, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-xr7v-m9px-q4qj MetaGPT has an eval injection in metagpt/strategy/tot.py
History

Thu, 30 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Deepwisdom
Deepwisdom metagpt
CPEs cpe:2.3:a:deepwisdom:metagpt:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:deepwisdom:metagpt:0.8.1:*:*:*:*:*:*:*
Vendors & Products Deepwisdom
Deepwisdom metagpt

Mon, 13 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Foundation Agents
Foundation Agents metagpt
Vendors & Products Foundation Agents
Foundation Agents metagpt

Sun, 12 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Title FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection
Weaknesses CWE-74
CWE-94
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Deepwisdom Metagpt
Foundation Agents Metagpt
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-13T17:48:44.488Z

Reserved: 2026-04-11T07:49:31.784Z

Link: CVE-2026-6110

cve-icon Vulnrichment

Updated: 2026-04-13T17:48:40.380Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-12T03:16:08.630

Modified: 2026-04-30T14:55:22.070

Link: CVE-2026-6110

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:56:26Z

Weaknesses