CVE-2026-6111

FoundationAgents MetaGPT common.py decode_image server-side request forgery

CVSS 5.3 MEDIUMEPSS 0.3%CWE-918

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

FoundationAgents · MetaGPT

PoCs públicas encontradas — 1

cve_referencegithub.com/FoundationAgents/MetaGPT/issues/1934no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/FoundationAgents/MetaGPT/https://github.com/FoundationAgents/MetaGPT/issues/1934 https://github.com/FoundationAgents/MetaGPT/pull/1941 https://vuldb.com/submit/791762 https://vuldb.com/vuln/356971 https://vuldb.com/vuln/356971/cti