{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6110", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-11T07:49:31.784Z", "datePublished": "2026-04-12T02:00:21.626Z", "dateUpdated": "2026-04-13T17:48:44.488Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-12T02:00:21.626Z"}, "title": "FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "FoundationAgents", "product": "MetaGPT", "versions": [{"version": "0.8.0", "status": "affected"}, {"version": "0.8.1", "status": "affected"}], "modules": ["Tree-of-Thought Solver"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-11T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-11T09:54:50.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-d (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/356970", "name": "VDB-356970 | FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356970/cti", "name": "VDB-356970 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/791761", "name": "Submit #791761 | FoundationAgents MetaGPT 0.8.1 Code Injection (CWE-94)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1933", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/pull/1946", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T17:48:29.606546Z", "id": "CVE-2026-6110", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T17:48:44.488Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-d (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "FoundationAgents", "modules": ["Tree-of-Thought Solver"], "product": "MetaGPT", "versions": [{"status": "affected", "version": "0.8.0"}, {"status": "affected", "version": "0.8.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-11T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-11T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-11T09:54:50.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/356970", "name": "VDB-356970 | FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356970/cti", "name": "VDB-356970 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/791761", "name": "Submit #791761 | FoundationAgents MetaGPT 0.8.1 Code Injection (CWE-94)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/issues/1933", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/pull/1946", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/FoundationAgents/MetaGPT/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-12T02:00:21.626Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6110", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T17:48:29.606546Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-13T17:48:40.380Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-6110", "state": "PUBLISHED", "dateUpdated": "2026-04-12T02:00:21.626Z", "dateReserved": "2026-04-11T07:49:31.784Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-12T02:00:21.626Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:deepwisdom:metagpt:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "018D50FC-A37E-4658-9165-3751753243BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:deepwisdom:metagpt:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3E5C450-428D-4576-BCB3-622B8633EF67", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet."}], "id": "CVE-2026-6110", "lastModified": "2026-04-30T14:55:22.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-12T03:16:08.630", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/FoundationAgents/MetaGPT/"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/FoundationAgents/MetaGPT/issues/1933"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/FoundationAgents/MetaGPT/pull/1946"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/791761"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/356970"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/vuln/356970/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.8.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.8.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 98.0, "source": "matching"}]}, "original": {"product": "MetaGPT", "source": "cna", "vendor": "FoundationAgents"}, "product": "metagpt", "vendor": "foundation_agents"}], "analysis": {"en": {"generated_at": "2026-04-12T04:20:17.294866+00:00", "value": {"mitigation_remediation": ["Upgrade to a MetaGPT release newer than\u202f0.8.1 once a fix becomes available", "Validate and sanitize all input that reaches the Tree\u2011of\u2011Thought Solver to prevent code injection", "Monitor application logs and host activity for indicators of unintended code execution and employ intrusion detection to flag anomalous behavior"], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of FoundationAgents MetaGPT versions \u22640.8.1 contain the vulnerable code in the Tree\u2011of\u2011Thought Solver component. The flaw resides in tot.py, and any deployment that imports or uses generate_thoughts is potentially exposed. No patch or mitigation is available from the vendor at this time, so the issue remains active for all affected releases.", "description_and_impact": "A flaw affecting FoundationAgents MetaGPT up to version\u202f0.8.1 allows code injection through the generate_thoughts function in tot.py. The description indicates that manipulation of this function leads to code injection, which can be triggered remotely. Based on the description, it is inferred that an attacker can craft malicious input that is evaluated by the system, resulting in the execution of arbitrary code and full compromise of the host running MetaGPT.", "risk_and_exploitability": "The CVSS score of 6.9 denotes moderate severity, yet the vulnerability permits remote code execution. The exploit code is publicly available and may be employed by attackers. Although an EPSS score is not published, the combination of remote accessibility and lack of vendor response raises the likelihood of exploitation. It is inferred that the attack vector is remote exploitation of services that expose the vulnerable function. The vulnerability is not yet listed in the CISA KEV catalog, but the potential for critical impact warrants high priority action."}}}}, "created": "2026-04-13T12:41:44.067475+00:00", "updated": "2026-04-13T12:56:26.391561+00:00", "vendors": ["foundation_agents", "foundation_agents$PRODUCT$metagpt"]}