彙總 deepwisdom 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 CSRF與SSRF 等問題,部分漏洞可能導致 異常行為,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-6111 | A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | [email protected] | 2.1 | 0.04% | 2026-04-12 | 2026-04-30 |
| CVE-2026-6110 | A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet. | [email protected] | 5.5 | 0.05% | 2026-04-12 | 2026-04-30 |
| CVE-2026-6109 | A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | [email protected] | 2.1 | 0.01% | 2026-04-12 | 2026-04-29 |
| CVE-2026-5974 | A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the problem early through a pull request but has not reacted yet. | [email protected] | 6.9 | 0.46% | 2026-04-09 | 2026-04-29 |
| CVE-2026-5973 | A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet. | [email protected] | 5.5 | 0.48% | 2026-04-09 | 2026-04-29 |
| CVE-2026-5972 | A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The identifier of the patch is d04ffc8dc67903e8b327f78ec121df5e190ffc7b. Applying a patch is the recommended action to fix this issue. | [email protected] | 5.5 | 0.46% | 2026-04-09 | 2026-04-29 |
| CVE-2026-5971 | A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet. | [email protected] | 5.5 | 0.05% | 2026-04-09 | 2026-04-29 |
| CVE-2026-5970 | A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through a pull request but has not reacted yet. | [email protected] | 5.5 | 0.05% | 2026-04-09 | 2026-04-29 |
| CVE-2026-4516 | A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 2.1 | 0.06% | 2026-03-21 | 2026-04-29 |
| CVE-2026-4515 | A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 2.1 | 0.06% | 2026-03-21 | 2026-04-29 |
| CVE-2026-0761 | Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the actionoutput_str_to_mapping function. The issue results from the lack of proper validation of a user-supplied string before using it to execute Python code. An attacker c | [email protected] | 9.8 | 1.52% | 2026-01-23 | 2026-02-20 |
| CVE-2026-0760 | Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deserialize_message function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data | [email protected] | 9.8 | 2.46% | 2026-01-23 | 2026-02-20 |
| CVE-2024-23750 | MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. | [email protected] | 8.8 | 0.53% | 2024-01-22 | 2025-06-20 |