CVE-2026-6109 · HIGH 8.8 · EPSS p12.8%

Description

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function evaluateCode in the file metagpt/environment/minecraft/mineflayer/index.js of the Mineflayer HTTP API component. Manipulation can lead to cross-site request forgery. The attack can be performed remotely. The exploit has been publicly disclosed and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.22% probability of exploitation · percentile 12.8% · 2026-06-18T12:00:27Z
Published: 2026-04-12
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-352, CWE-862

References

  1. https://github.com/FoundationAgents/MetaGPT/
  2. https://github.com/FoundationAgents/MetaGPT/issues/1932
  3. https://vuldb.com/submit/791759
  4. https://vuldb.com/vuln/356969
  5. https://vuldb.com/vuln/356969/cti

Type | Target | Confidence | Tier
Weakness | Cross-Site Request Forgery (CSRF), cwe-352 | 0% | live
Weakness | Missing Authorization, cwe-862 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-6110
  2. CVE-2026-5970
  3. CVE-2026-5971
  4. CVE-2026-10566
  5. CVE-2026-5973
  6. CVE-2026-5974

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.