{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5971", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-09T12:04:20.721Z", "datePublished": "2026-04-09T18:00:19.828Z", "dateUpdated": "2026-04-13T20:14:17.735Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-09T18:00:19.828Z"}, "title": "FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-95", "lang": "en", "description": "Improper Neutralization of Directives in Dynamically Evaluated Code"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "FoundationAgents", "product": "MetaGPT", "versions": [{"version": "0.8.0", "status": "affected"}, {"version": "0.8.1", "status": "affected"}], "modules": ["XML Handler"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-09T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-09T14:09:29.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-c (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/356525", "name": "VDB-356525 | FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356525/cti", "name": "VDB-356525 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/791734", "name": "Submit #791734 | FoundationAgents MetaGPT 0.8.1 Eval Injection (CWE-95)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1928", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1956", "tags": ["issue-tracking"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:14:01.423457Z", "id": "CVE-2026-5971", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:14:17.735Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5971", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T20:14:01.423457Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:14:13.475Z"}}], "cna": {"title": "FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-c (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "FoundationAgents", "modules": ["XML Handler"], "product": "MetaGPT", "versions": [{"status": "affected", "version": "0.8.0"}, {"status": "affected", "version": "0.8.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-09T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-09T14:09:29.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/356525", "name": "VDB-356525 | FoundationAgents MetaGPT XML action_node.py ActionNode.xml_fill eval injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356525/cti", "name": "VDB-356525 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/791734", "name": "Submit #791734 | FoundationAgents MetaGPT 0.8.1 Eval Injection (CWE-95)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1928", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1956", "tags": ["issue-tracking"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-95", "description": "Improper Neutralization of Directives in Dynamically Evaluated Code"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-09T18:00:19.828Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5971", "state": "PUBLISHED", "dateUpdated": "2026-04-13T20:14:17.735Z", "dateReserved": "2026-04-09T12:04:20.721Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-09T18:00:19.828Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deepwisdom:metagpt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2F9E578-25E5-4DB5-B4A2-4117F26DC2DE", "versionEndIncluding": "0.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet."}], "id": "CVE-2026-5971", "lastModified": "2026-04-29T19:45:53.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-09T18:17:04.723", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/FoundationAgents/MetaGPT/"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Exploit"], "url": "https://github.com/FoundationAgents/MetaGPT/issues/1928"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/FoundationAgents/MetaGPT/issues/1956"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/791734"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/356525"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/vuln/356525/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-95"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.8.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.8.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 98.0, "source": "matching"}]}, "original": {"product": "MetaGPT", "source": "cna", "vendor": "FoundationAgents"}, "product": "metagpt", "vendor": "foundation_agents"}], "analysis": {"en": {"generated_at": "2026-04-09T19:20:35.899503+00:00", "value": {"mitigation_remediation": ["Apply a patched version of MetaGPT (0.8.2 or later) if available. If a patch is not yet released, deploy the latest tested version from the official repository."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects FoundationAgents MetaGPT versions up to 0.8.1. Users running any of those releases are potentially exposed. No specific patch versions are listed, but the CVE statement indicates that the component is the XML Handler in metagpt/actions/action_node.py.", "description_and_impact": "A flaw in FoundationAgents MetaGPT disables proper neutralization of directives in dynamically evaluated code within the ActionNode.xml_fill function. This code evaluation vulnerability permits arbitrary code execution when an attacker supplies crafted input. An attacker who can influence the XML payload fed to this function could gain full control of the hosting environment, compromising confidentiality, integrity, and availability of the affected application. The description confirms that the exploit is published and usable, underscoring that the risk is not theoretical.", "risk_and_exploitability": "The CVSS score of 6.9 shows a moderate to high severity, and no EPSS score is available, so precise exploitation probability is unknown. The vulnerability is not listed in CISA's KEV catalog, but the public availability of an exploit means that a remote attacker can exploit it. Given that the project has not yet responded to reported issues, the likelihood of a widespread attack remains significant, and the impact would be severe if execution succeeds."}}}}, "created": "2026-04-10T08:52:37.541168+00:00", "updated": "2026-04-10T09:31:46.859640+00:00", "vendors": ["foundation_agents", "foundation_agents$PRODUCT$metagpt"]}