CVE-2026-0761

Name of the Vulnerable Software and Affected Versions Foundation Agents MetaGPT (affected versions not specified)

Description This issue is a code injection leading to remote code execution in Foundation Agents MetaGPT. It allows attackers to execute arbitrary code on affected systems without authentication. The root cause is insufficient validation of user-supplied strings before they are used to execute Python code within the actionoutput str to mapping function. An attacker can leverage this to execute code with the privileges of the service account. The flaw can be exploited over HTTP for initial access or lateral movement.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.