5.3
MetaGPT up to 0.8.1 allows remote attackers to trigger server-side request forgery through image decoding
CVE-2026-6111
Summary
A server-side request forgery (SSRF) issue in MetaGPT's image processing code (the decode_image function in metagpt/utils/common.py) allows remote attackers to make the system fetch images from unauthorized sources by manipulating the img_url_or_b64 argument. This could be used to spread malware or disrupt the system. We recommend upgrading to a fixed version of MetaGPT as soon as one is available.
Original title
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_...
Original description
A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
NVD CVSS 2.0
6.5
NVD CVSS 3.1
6.3
NVD CVSS 4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 12 Apr 2026 · Updated: 12 Apr 2026 · First seen: 12 Apr 2026