Vulnerabilities ›

CVE-2026-4516

Medium

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The

CWE-74 — Weakness Type

                    Published: Mar 21, 2026                      ·  Modified: Mar 24, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-4516 is a code injection vulnerability in MetaGPT versions up to 0.8.1 affecting the DataInterpreter component's write_analysis_code.py file. The vulnerability allows remote attackers to inject malicious code, with public exploits available and vendor non-responsiveness.

📄 Description (Arabic)

ثغرة حقن الأكواد في مكون DataInterpreter بملف write_analysis_code.py تسمح بتنفيذ أكواد بعيدة دون تفويض. الثغرة تؤثر على جميع إصدارات MetaGPT حتى الإصدار 0.8.1 وتتطلب ترقية فورية.

🤖 ملخص تنفيذي (AI)

A code injection flaw exists in MetaGPT up to version 0.8.1 in the DataInterpreter component that enables remote code execution through the write_analysis_code.py file. Public exploits are available and the vendor has not responded to disclosure attempts.

🤖 AI Intelligence Analysis Analyzed: May 17, 2026 04:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom government energy

🎯 MITRE ATT&CK Techniques

T1190 T1059 T1203

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade MetaGPT to version 0.8.2 or later. Implement input validation and sanitization for all user-supplied data processed by DataInterpreter. Deploy network segmentation to restrict MetaGPT service access. Monitor for suspicious code execution patterns and implement Web Application Firewall (WAF) rules to detect injection attempts.

🔧 خطوات المعالجة (العربية)

قم بترقية MetaGPT فوراً إلى الإصدار 0.8.2 أو أحدث. طبق التحقق من صحة المدخلات وتنظيفها لجميع البيانات المعالجة بواسطة DataInterpreter. قم بنشر تقسيم الشبكة لتقييد الوصول إلى خدمة MetaGPT. راقب أنماط تنفيذ الأكواد المريبة وطبق قواعد جدار الحماية لكشف محاولات الحقن.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.13.1.1 A.14.2.1

🔵 SAMA CSF

ID.BE-1 PR.DS-6 DE.CM-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5

🔗 References & Sources 4

🔗

https://github.com/Ka7arotto/cve/blob/main/MetaGPT-rce2.md

cna@vuldb.com

🔗

https://vuldb.com/?ctiid.352081

cna@vuldb.com

🔗

https://vuldb.com/?id.352081

cna@vuldb.com

🔗

https://vuldb.com/?submit.773930

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-74

Exploit No

Patch ✗ No

Published 2026-03-21

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-4516

Introduce Yourself

Sign In Required