CVE-2026-6109

MEDIUM NVD

CVSS Score 4.3

Severity MEDIUM

Published Apr 12, 2026

Vendor unknown

Description

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

References

https://github.com/FoundationAgents/MetaGPT/
https://github.com/FoundationAgents/MetaGPT/issues/1932
https://vuldb.com/submit/791759
https://vuldb.com/vuln/356969
https://vuldb.com/vuln/356969/cti