Executive Summary

CVE-2026-6109 is a critical vulnerability in the Mineflayer HTTP API component of FoundationAgents MetaGPT, specifically in the evaluateCode function of the file metagpt/environment/minecraft/mineflayer/index.js.

The vulnerability arises because the API endpoint /step accepts arbitrary JavaScript code via POST requests and executes it using eval() without any authentication or Cross-Origin Resource Sharing (CORS) protections.

This means an attacker can craft a malicious webpage that, when visited by a user running the vulnerable Mineflayer server, can send a POST request with malicious code that gets executed on the victim's machine.

The exploit allows remote code execution through a cross-site request forgery (CSRF) attack, enabling attackers to run arbitrary system commands, exfiltrate data, or establish persistent access.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including allowing attackers to execute arbitrary system commands on your machine running the vulnerable MetaGPT Mineflayer HTTP API.

• Attackers can gain remote code execution without any authentication.
• They can exfiltrate sensitive data from your system.
• Attackers may establish persistent remote access, such as reverse shells.
• The vulnerability can lead to full system compromise on affected machines.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the Mineflayer HTTP API server is running and accessible on network interfaces, especially if it is bound to 0.0.0.0 and listening on port 3000. You can test if the vulnerable `/step` endpoint is accessible without authentication and accepts POST requests with JavaScript code execution.

• Use network scanning tools like nmap to detect if port 3000 is open on the target machine: nmap -p 3000 <target-ip>
• Use curl or similar tools to send a test POST request to the `/step` endpoint to check if it executes code without authentication: curl -X POST http://<target-ip>:3000/step -d '{"code":"id"}' -H 'Content-Type: application/json'
• Monitor for unexpected files such as `/tmp/mineflayer_csrf_rce.txt` which may be created by proof-of-concept exploits.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable Mineflayer HTTP API by implementing authentication and limiting network exposure.

• Add API key-based authentication to the `/step` endpoint to prevent unauthorized access.
• Change the server binding from 0.0.0.0 to 127.0.0.1 to restrict access to localhost only.
• Add Cross-Origin Resource Sharing (CORS) protections to deny all cross-origin requests and prevent CSRF attacks.
• Replace the use of direct eval() in code execution with sandboxed environments such as vm2 to safely run user code.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in FoundationAgents MetaGPT's Mineflayer HTTP API allows remote attackers to execute arbitrary code via cross-site request forgery (CSRF), potentially leading to full system compromise.

Such a compromise can result in unauthorized access to sensitive data, which may violate data protection requirements under regulations like GDPR and HIPAA that mandate safeguarding personal and health information.

Failure to protect systems against this vulnerability could lead to breaches of confidentiality and integrity, thereby impacting compliance with these common standards and regulations.

Useful 0 Not Useful 0