CVE-2026-4516
MEDIUMFoundation Agents MetaGPT DataInterpreter write_analysis_code.py injection
Title source: cnaDescription
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Scores
CVSS v3
6.3
EPSS
0.0005
EPSS Percentile
14.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-74
CWE-707
Status
published
Products (2)
Foundation Agents/MetaGPT
0.8.0
Foundation Agents/MetaGPT
0.8.1
Published
Mar 21, 2026
Tracked Since
Mar 21, 2026