Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
MetaGPT Mineflayer API Cross-Site Request Forgery Risk
CVE-2026-6109
Summary
The MetaGPT Mineflayer API, used in Minecraft bots, has a security flaw that makes it vulnerable to a type of attack where an attacker can trick the system into performing unwanted actions. This could happen if a malicious user sends a specially crafted request to the system. The developers were informed of the issue, but they have not yet fixed it. Users should be cautious and consider updating to a newer version.
Original title
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the compon...
Original description
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
5.0
nvd CVSS3.1
4.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
CWE-862
Missing Authorization
Published: 12 Apr 2026 · Updated: 12 Apr 2026 · First seen: 12 Apr 2026