Detections
Analytics

CVE-2026-5971

medium

Description

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

References

https://vuldb.com/vuln/356525

https://github.com/FoundationAgents/MetaGPT/issues/1928

https://vuldb.com/vuln/356525/cti

https://vuldb.com/submit/791734

https://github.com/FoundationAgents/MetaGPT/issues/1956

https://github.com/FoundationAgents/MetaGPT/

Details

Source: Mitre, NVD

Published: 2026-04-09

Updated: 2026-04-29

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00052