A critical remote code execution vulnerability has been identified in multiple Foundation Agents MetaGPT products. This flaw, tracked as CVE-2026-0761, allows an unauthenticated remote attacker to execute arbitrary code on a vulnerable system, potentially leading to a complete compromise of the application and its underlying server. Due to its high severity (CVSS 9.8) and lack of required authentication, immediate remediation is strongly advised to prevent data theft, service disruption, and further network intrusion.

This vulnerability is a code injection flaw within the actionoutput_str_to_mapping function. The function improperly handles a user-supplied string, failing to validate or sanitize it before using it in a context that allows for Python code execution. An unauthenticated remote attacker can craft a malicious string that, when processed by this function, is executed as code on the server. Successful exploitation results in arbitrary code execution with the permissions of the service account running the MetaGPT application.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation by a remote, unauthenticated attacker could lead to a complete compromise of the affected system's confidentiality, integrity, and availability. Potential consequences include theft of sensitive data processed by the application, deployment of ransomware, disruption of critical services, and using the compromised system as a launchpad for further attacks against the internal network. The lack of an authentication requirement significantly increases the risk, as any attacker with network access to the application can attempt to exploit it.

Immediate Action: The primary remediation is to apply the vendor-supplied patches immediately. Update all instances of Foundation Agents MetaGPT Multiple Products to the latest version that addresses this vulnerability. After patching, it is crucial to review application and system logs for any signs of exploitation that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for unusual or malformed inputs in logs related to the actionoutput_str_to_mapping function. Monitor for unexpected outbound network connections, new processes being spawned by the application's service account, and any unauthorized file modifications on the server. Intrusion Detection Systems (IDS) should be updated with signatures for this threat as they become available.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Deploy a Web Application Firewall (WAF) with rules designed to block malicious strings or code snippets targeting the vulnerable function.
• Restrict network access to the affected application to only trusted IP addresses and subnets.
• Run the application in a sandboxed or containerized environment with the lowest possible privileges to limit the impact of a potential compromise.

Public Exploit Available: false

This vulnerability represents a critical risk to the organization and must be addressed with the highest priority. All system owners must immediately apply the vendor-provided security updates to all affected Foundation Agents MetaGPT products. Given the CVSS score of 9.8 and the lack of an authentication requirement, this vulnerability is a prime target for opportunistic and targeted attacks. Although not currently listed on the CISA KEV list, its characteristics make it a likely candidate for future inclusion. Organizations should assume it will be exploited and act decisively to remediate the risk.