CVE-2026-0760

Name of the Vulnerable Software and Affected Versions Foundation Agents MetaGPT (affected versions not specified)

Description A flaw exists in the deserialize message function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue stems from a lack of proper validation of user-supplied data, leading to the deserialization of untrusted data. An attacker can leverage this to execute code within the context of the service account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.