Vulnerability Description
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deepwisdom | Metagpt | <= 0.8.1 |
Related Weaknesses (CWE)
References
- https://github.com/Ka7arotto/cve/blob/main/MetaGPT-rce2.mdBroken Link
- https://vuldb.com/?ctiid.352081Permissions RequiredVDB Entry
- https://vuldb.com/?id.352081Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.773930Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-4516?
CVE-2026-4516 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The ...
How severe is CVE-2026-4516?
CVE-2026-4516 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-4516?
Check the references section above for vendor advisories and patch information. Affected products include: Deepwisdom Metagpt.