CVE-2026-6109

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N                                    

Vulnerability Description

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Vulnerability Details

Published Date

April 12, 2026

Last Modified

April 14, 2026

CWE ID

CWE-352

Source

NVD

Vendor

pip

Product

metagpt

External References

https://github.com/FoundationAgents/MetaGPT/
https://github.com/FoundationAgents/MetaGPT/issues/1932
https://vuldb.com/submit/791759
https://vuldb.com/vuln/356969
https://vuldb.com/vuln/356969/cti

CVE-2026-6109

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment