CVE-2026-11455
MediumCVSS 5.0Summary
A vulnerability CVE-2026-11455 was identified in FoundationAgents MetaGPT up to version 0.8.2 in the function check_cmd_exists of the file metagpt/utils/common.py. Manipulation of the argument mermaid.path leads to command injection.
Risk Assessment
An attacker may remotely exploit this vulnerability, posing a serious security threat to the system. The high complexity of the attack makes it difficult to execute, but still possible.
Recommendation
It is recommended to update FoundationAgents MetaGPT to the latest version to mitigate this vulnerability. Additionally, systems should be monitored for potential attempts to exploit this flaw.
Original NVD description (English source)
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function check_cmd_exists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

