{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4516", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-20T14:40:30.341Z", "datePublished": "2026-03-21T15:02:11.636Z", "dateUpdated": "2026-03-23T15:37:36.483Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-21T15:02:11.636Z"}, "title": "Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-707", "lang": "en", "description": "Improper Neutralization"}]}], "affected": [{"vendor": "Foundation Agents", "product": "MetaGPT", "versions": [{"version": "0.8.0", "status": "affected"}, {"version": "0.8.1", "status": "affected"}], "modules": ["DataInterpreter"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-20T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-20T15:46:18.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Goku (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.352081", "name": "VDB-352081 | Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.352081", "name": "VDB-352081 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.773930", "name": "Submit #773930 | deepwisdom MetaGPT v0.8.1 Remote command execution", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Ka7arotto/cve/blob/main/MetaGPT-rce2.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:37:29.952602Z", "id": "CVE-2026-4516", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:37:36.483Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4516", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T15:37:29.952602Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:37:32.994Z"}}], "cna": {"title": "Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection", "credits": [{"lang": "en", "type": "reporter", "value": "Goku (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Foundation Agents", "modules": ["DataInterpreter"], "product": "MetaGPT", "versions": [{"status": "affected", "version": "0.8.0"}, {"status": "affected", "version": "0.8.1"}]}], "timeline": [{"lang": "en", "time": "2026-03-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-20T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-20T15:46:18.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.352081", "name": "VDB-352081 | Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.352081", "name": "VDB-352081 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.773930", "name": "Submit #773930 | deepwisdom MetaGPT v0.8.1 Remote command execution", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Ka7arotto/cve/blob/main/MetaGPT-rce2.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-707", "description": "Improper Neutralization"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-21T15:02:11.636Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4516", "state": "PUBLISHED", "dateUpdated": "2026-03-23T15:37:36.483Z", "dateReserved": "2026-03-20T14:40:30.341Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-21T15:02:11.636Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-4516", "lastModified": "2026-03-23T14:31:37.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-21T15:17:11.117", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Ka7arotto/cve/blob/main/MetaGPT-rce2.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.352081"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.352081"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.773930"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-707"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.8.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.8.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MetaGPT", "source": "cna", "vendor": "Foundation Agents"}, "product": "metagpt", "vendor": "foundation_agents"}], "analysis": {"en": {"generated_at": "2026-03-21T16:23:10.964233+00:00", "value": {"mitigation_remediation": ["Verify which version of Foundation Agents MetaGPT is installed.", "If running MetaGPT 0.8.1 or earlier, upgrade to a patched version when it becomes available.", "If immediate upgrade is not possible, restrict the DataInterpreter input to trusted sources and apply input validation to reject malicious content.", "Regularly monitor vendor advisories and security bulletins for updates.", "Apply any vendor-provided patch or hotfix promptly."], "summary": {"action": "Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Foundation Agents MetaGPT versions up to 0.8.1 are affected. The vulnerability resides in the DataInterpreter module of the MetaGPT framework, and any deployment of the software in its current form remains vulnerable until a patch or update is applied.", "description_and_impact": "The vulnerability allows arbitrary code injection through untrusted input handling in the DataInterpreter component's write_analysis_code.py file, leading to potential remote code execution or alteration of system behavior. The flaw is categorized under CWE-707 and CWE-74, indicating improper handling and failure to neutralize external input. Attackers could exploit this by supplying crafted data that the system executes, compromising confidentiality, integrity, and availability.", "risk_and_exploitability": "The CVSS base score of 5.3 denotes moderate severity, and no EPSS score is available. The vulnerability is not listed in CISA's KEV catalog, but an exploit is publicly available, and remote exploitation is possible. Attackers can target the system over the network by injecting malicious input, so monitoring and updates are essential."}}}}, "created": "2026-03-23T09:49:08.565277+00:00", "updated": "2026-03-25T14:47:10.910486+00:00", "vendors": ["foundation_agents", "foundation_agents$PRODUCT$metagpt"]}