A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. It affects unknown code in the file metagpt/actions/di/write_analysis_code.py of the DataInterpreter component. Manipulation results in injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-4516 is a code injection vulnerability in MetaGPT versions up to 0.8.1, affecting the write_analysis_code.py file of the DataInterpreter component. It allows remote attackers to inject malicious code. Public exploits are available and the vendor has not responded.
The code injection vulnerability in the DataInterpreter component, in the file write_analysis_code.py, allows remote code execution without authorization. It affects all MetaGPT versions up to 0.8.1 and requires an immediate upgrade.
A code injection flaw exists in MetaGPT up to version 0.8.1 in the DataInterpreter component that enables remote code execution through the write_analysis_code.py file. Public exploits are available and the vendor has not responded to disclosure attempts.
Immediately upgrade MetaGPT to version 0.8.2 or later. Implement input validation and sanitization for all user-supplied data processed by DataInterpreter. Deploy network segmentation to restrict MetaGPT service access. Monitor for suspicious code execution patterns and implement Web Application Firewall (WAF) rules to detect injection attempts.
Upgrade MetaGPT immediately to version 0.8.2 or later. Apply input validation and sanitization to all data processed by DataInterpreter. Deploy network segmentation to restrict access to the MetaGPT service. Monitor for suspicious code execution patterns and apply firewall rules to detect injection attempts.