Vulnerability Description
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deepwisdom | Metagpt | <= 0.8.1 |
Related Weaknesses (CWE)
References
- https://github.com/FoundationAgents/MetaGPT/Product
- https://github.com/FoundationAgents/MetaGPT/issues/1932Issue TrackingExploitMitigation
- https://vuldb.com/submit/791759ExploitThird Party AdvisoryVDB Entry
- https://vuldb.com/vuln/356969Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/356969/ctiPermissions Required
FAQ
What is CVE-2026-6109?
CVE-2026-6109 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component...
How severe is CVE-2026-6109?
CVE-2026-6109 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-6109?
Check the references section above for vendor advisories and patch information. Affected products include: Deepwisdom Metagpt.