CVE-2026-6110
Published: 12 April 2026
Summary
CVE-2026-6110 is a high-severity Injection (CWE-74) vulnerability in Deepwisdom Metagpt. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely remediation of the known code injection flaw in MetaGPT's generate_thoughts function to eliminate the vulnerability.
Requires validation of inputs to the Tree-of-Thought Solver to neutralize special elements and prevent remote code injection.
Filters outputs from generate_thoughts to properly neutralize special elements before use by downstream components, addressing CWE-74.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote code injection vulnerability in Python-based MetaGPT framework enables exploitation of public-facing applications (T1190) and arbitrary Python code execution via T1059.006.
NVD Description
A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit…
more
is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-6110 is a code injection vulnerability affecting FoundationAgents MetaGPT versions up to 0.8.1, specifically in the generate_thoughts function of the metagpt/strategy/tot.py file within the Tree-of-Thought Solver component. Published on 2026-04-12, it is linked to CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-94 (Improper Control of Generation of Code), with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
The vulnerability enables remote attackers requiring no privileges or user interaction to exploit it over the network with low attack complexity, leading to arbitrary code injection. Successful exploitation can result in low-level impacts to confidentiality, integrity, and availability.
References indicate the project was informed early via GitHub issue #1933 but has not responded as of the latest details. A related pull request #1946 appears in the repository, potentially offering a fix, with additional submission and vulnerability details on VulDB (vuldb.com/submit/791761 and vuldb.com/vuln/356970). The exploit is publicly available and might be used.
MetaGPT, an AI agent framework incorporating Tree-of-Thought reasoning, has no reported real-world exploitation at this time.
Details
- CWE(s)