CVE-2026-4515

CVSS v2.0

6.5

Medium

AV:N/AC:L/Au:S/C:P/I:P/A:P

A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploit

Fix

Code Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-74

Related Identifiers

CVE-2026-4515

Affected Products

Metagpt

CVE-2026-4515

Weakness Enumeration

Related Identifiers

Affected Products

References · 6