PT-2026-32144 · Foundation Agents · Metagpt
Eric-D · Published 2026-04-12 · Updated 2026-04-30 · CVE-2026-6111
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FoundationAgents MetaGPT versions up to 0.8.1
Description
A security flaw exists in FoundationAgents MetaGPT versions up to 0.8.1. The decode_image function in metagpt/utils/common.py is susceptible to server-side request forgery (SSRF) through manipulation of the img_url_or_b64 argument. The attack can be launched remotely. The exploit is publicly available. The project was notified of the issue but has not yet responded.
Recommendations
Update FoundationAgents MetaGPT to a version newer than 0.8.1.
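The check below is an added example, not MetaGPT's code and not the project's fix: one way a caller could vet an img_url_or_b64 value before any request is made. The names check_image_source, BlockedSource, is_public and system_resolve are hypothetical, and it assumes URL inputs are only ever meant to reach public HTTP(S) hosts.

```python
import base64
import ipaddress
import re
import socket
from urllib.parse import urlsplit

class BlockedSource(ValueError):
    """The image source must not be fetched or decoded."""

def system_resolve(host, port):
    # Every address the name maps to; the checks run on these, not on the hostname text.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def is_public(addr):
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d as a.b.c.d
    # False for loopback, RFC 1918, link-local (169.254.0.0/16), CGNAT, reserved ranges.
    return ip.is_global

def check_image_source(img_url_or_b64, resolve=system_resolve):
    """Return ("url", url, addrs) or ("b64", raw_bytes); raise BlockedSource otherwise."""
    value = img_url_or_b64.strip()
    if re.match(r"^[A-Za-z][A-Za-z0-9+.\-]*://", value):
        try:
            parts = urlsplit(value)
            scheme = parts.scheme.lower()
            if scheme not in ("http", "https"):
                raise BlockedSource(f"scheme not allowed: {scheme}")
            if not parts.hostname or parts.username or parts.password:
                raise BlockedSource("missing host or embedded credentials")
            port = parts.port or (443 if scheme == "https" else 80)
            addrs = list(resolve(parts.hostname, port))
        except BlockedSource:
            raise
        except (ValueError, OSError) as exc:
            raise BlockedSource(f"cannot parse or resolve URL: {exc}") from exc
        blocked = [a for a in addrs if not is_public(a)]
        if blocked or not addrs:
            raise BlockedSource(f"non-public address for {parts.hostname}: {blocked}")
        # The caller should connect to one of addrs (pinning) and refuse redirects,
        # or re-run this check on every redirect target.
        return ("url", value, addrs)
    b64 = re.sub(r"^data:image/[^;,]+;base64,", "", value)
    try:
        return ("b64", base64.b64decode(b64, validate=True))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise BlockedSource("not a URL and not valid base64") from exc
```

Validation alone leaves a gap if the HTTP client resolves the name again at connect time, so the returned addresses are meant to be the ones actually connected to.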
Affected Products
Metagpt