CVE-2026-6109 | FoundationAgents MetaGPT up to 0.8.1 Mineflayer HTTP API index.js evaluateCode cross-site request forgery (Issue 1932)

A vulnerability labeled as problematic has been found in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery.

This vulnerability appears as CVE-2026-6109. The attack may be performed from remote. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-6109 | FoundationAgents MetaGPT up to 0.8.1 Mineflayer HTTP API index.js evaluateCode cross-site request forgery (Issue 1932)

Post correlati

CVE-2024-38303 | Dell PowerEdge Platform up to 2.22.0 14G Intel BIOS input validation (dsa-2024-309)

CVE-2023-48363 | Siemens OpenPCS RPC null pointer dereference (ssa-753746)

CVE-2025-24800 | polytope-labs hyperbridge up to 15.0.0 control flow (GHSA-wwx5-gpgr-vxr7)

CVE-2024-40836 | Apple watchOS Shortcut access control