CVE-2026-6111 | FoundationAgents MetaGPT up to 0.8.1 metagpt/utils/common.py decode_image img_url_or_b64 server-side request forgery (Issue 1934)

Inserito da Angelo Barbosa | Apr 11, 2026 | CVE

A vulnerability described as critical has been identified in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery.

This vulnerability is known as CVE-2026-6111. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-6111 | FoundationAgents MetaGPT up to 0.8.1 metagpt/utils/common.py decode_image img_url_or_b64 server-side request forgery (Issue 1934)

Post correlati

CVE-2024-6253 | itsourcecode Online Food Ordering System 1.0 /purchase.php customer sql injection

CVE-2024-2745 | Rapid7 InsightVM prior 6.6.244 Maintenance Mode Login Page get request method with sensitive query strings

CVE-2024-8279 | Lenovo HX5530 Appliance XCC File os command injection

CVE-2023-7185 | 7-card Fakabao up to 1.0_build20230805 shop/wxpay_notify.php out_trade_no sql injection