CVE-2026-6111

MEDIUM

FoundationAgents MetaGPT common.py decode_image server-side request forgery

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-6111. PoCs published by MonsterWsr-hub.

AI-analyzed exploit summary: This repository contains a Python script that scans for CVE-2026-6111 by sending a crafted POST request to '/php/ping.php' and checking if the response contains the injected string 'test'. It supports single URL and batch scanning with proxy functionality.

Description

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Exploits (1)

nomisec SCANNER
by MonsterWsr-hub · poc
https://github.com/MonsterWsr-hub/CVE-2026-6111


Classification: Scanner 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Unknown (likely a web application with a vulnerable PHP endpoint)
No auth needed
Prerequisites: Network access to the target URL · Python 3 with 'requests' and 'tqdm' libraries
devstral-2 · analyzed Apr 28, 2026

References (6)

Core References

VDB-356971 | FoundationAgents MetaGPT common.py decode_image server-side request forgery (vdb-entry, technical-description)
https://vuldb.com/vuln/356971

VDB-356971 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
https://vuldb.com/vuln/356971/cti

Submit #791762 | FoundationAgents MetaGPT 0.8.1 Server-Side Request Forgery (CWE-918) (third-party-advisory)
https://vuldb.com/submit/791762

Scores

CVSS v3 6.3
EPSS 0.0001
EPSS Percentile 3.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-918
Status: published
Products (5)
deepwisdom/metagpt 0.8.0
deepwisdom/metagpt 0.8.1
FoundationAgents/MetaGPT 0.8.0
FoundationAgents/MetaGPT 0.8.1
pypi/metagpt 0 (PyPI)
Published Apr 12, 2026
Tracked Since Apr 12, 2026