CVE-2026-11455
Deferred Deferred - Pending Action

Command Injection in FoundationAgents MetaGPT

Publication date: 2026-06-07

Last updated on: 2026-06-07

Assigner: VulDB

Description
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function check_cmd_exists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-07
Last Modified
2026-06-07
Generated
2026-06-28
AI Q&A
2026-06-07
EPSS Evaluated
2026-06-26
NVD
CVE-2026-11455
EUVD
EUVD-2026-34985

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
foundationagents metagpt to 0.8.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-11455 is a command injection vulnerability in MetaGPT's Mermaid rendering flow. It occurs because MetaGPT allows users to configure the Mermaid CLI executable path via the mermaid.path field in the configuration file, and this value is used directly in shell commands without proper sanitization.

An attacker who can modify this configuration can inject arbitrary shell commands by including shell metacharacters or commands in the mermaid.path value, leading to arbitrary command execution with the privileges of the user running MetaGPT.

The vulnerability exists in two places: the check_cmd_exists() function in metagpt/utils/common.py and the mermaid_to_file() function in metagpt/utils/mermaid.py, both of which execute shell commands constructed using the unsafe mermaid.path value.

Impact Analysis

This vulnerability can allow an attacker who has the ability to modify the mermaid.path configuration to execute arbitrary shell commands on the system running MetaGPT.

Such arbitrary command execution can lead to unauthorized actions including data theft, system compromise, or disruption of services depending on the privileges of the MetaGPT user.

However, exploitation is considered difficult and requires a high degree of complexity, and the attack must be initiated remotely.

Detection Guidance

This vulnerability can be detected by checking if the MetaGPT configuration file contains an unsafe or manipulated value in the `mermaid.path` field, which is used to specify the Mermaid CLI executable path. Since the vulnerability involves command injection via this path, inspecting the configuration for suspicious shell metacharacters or commands is key.

Additionally, monitoring for unexpected shell command executions or unusual process invocations related to Mermaid diagram generation may help detect exploitation attempts.

Suggested commands to detect potential exploitation or unsafe configuration include:

  • Inspect the MetaGPT configuration file (usually `config.yaml` or `~/.metagpt/config2.yaml`) for the `mermaid.path` value: `grep mermaid.path ~/.metagpt/config2.yaml`
  • Check for suspicious shell metacharacters or commands in the `mermaid.path` value, such as semicolons (`;`), backticks, or other shell operators.
  • Monitor running processes or recent command executions related to Mermaid CLI: `ps aux | grep mmdc` or `ps aux | grep mermaid`
  • Audit shell command history or logs for unexpected commands triggered by MetaGPT.
Mitigation Strategies

Immediate mitigation steps include sanitizing or restricting the `mermaid.path` configuration value to prevent injection of arbitrary shell commands.

Specifically:

  • Do not allow untrusted users to modify the `mermaid.path` configuration.
  • Manually verify and set the `mermaid.path` to a safe, absolute path to the legitimate Mermaid CLI executable without any shell metacharacters.
  • Avoid using shell-based command execution methods that concatenate user input directly into shell commands. Instead, use safer APIs that do not invoke a shell or properly escape inputs.
  • Monitor for updates or patches from the MetaGPT project addressing this vulnerability and apply them once available.
  • If possible, restrict the permissions of the user running MetaGPT to limit the impact of any potential exploitation.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11455. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart