theinfosecnews

CVE-2026-5971

Published April 9, 2026 · Updated April 10, 2026

CVSS 7.3 (high)

What This Means

CVE-2026-5971 is a high-severity vulnerability in the XML Handler component of FoundationAgents MetaGPT, affecting versions up to 0.8.1. A remote attacker can manipulate input so that directives in dynamically evaluated code are handled improperly, potentially allowing arbitrary code execution. Security teams should urgently apply any available patches or updates to mitigate this risk, as the exploit has already been made public and could be actively used.

Official Description

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
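The weakness class named in the description (directives reaching dynamically evaluated code) typically arises when text pulled out of XML tags is turned into Python values by evaluating it. The following is an added example, not MetaGPT's code or its fix: `parse_xml_fields`, `coerce`, `MAX_LEN` and the sample strings are hypothetical and constructed. It converts tag contents with `ast.literal_eval` and explicit type checks, so a non-literal expression is rejected instead of executed.

```python
import ast
import re

MAX_LEN = 10_000  # assumed cap; literal_eval can still exhaust memory on huge input


def coerce(raw: str, typ: type):
    """Convert tag text to `typ` without evaluating it as code."""
    if typ is str:
        return raw
    if typ is bool:
        lowered = raw.lower()
        if lowered in ("true", "false"):
            return lowered == "true"
        raise ValueError(f"not a boolean: {raw!r}")
    if typ in (int, float):
        return typ(raw)  # int()/float() parse numbers only
    if typ in (list, dict):
        if len(raw) > MAX_LEN:
            raise ValueError("value too long")
        try:
            # Accepts Python literals only; names, calls and attribute
            # access raise instead of running.
            value = ast.literal_eval(raw)
        except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
            raise ValueError(f"not a literal: {raw[:40]!r}") from exc
        if not isinstance(value, typ):
            raise ValueError(f"expected {typ.__name__}, got {type(value).__name__}")
        return value
    raise TypeError(f"unsupported field type: {typ!r}")


def parse_xml_fields(text: str, schema: dict) -> dict:
    """Pull <name>value</name> fields out of `text` and coerce each one."""
    fields = {}
    for name, typ in schema.items():
        tag = re.escape(name)
        match = re.search(rf"<{tag}>(.*?)</{tag}>", text, re.DOTALL)
        if match:
            fields[name] = coerce(match.group(1).strip(), typ)
    return fields


# Constructed sample inputs (not taken from the advisory).
BENIGN = '<tags>["auth", "xml"]</tags><count>3</count>'
NON_LITERAL = "<tags>sum([1, 2])</tags>"  # a call expression, not a literal
```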

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. Monitor vendor advisories for updates and additional mitigations.
  4. Review logs for indicators of compromise related to CVE-2026-5971.
