CVE-2026-4515
Published 2026-03-21
CVE-2026-4515: A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file…
Priority: P3 · 45 · medium · CVSS 3.1: 6.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.24% (15.1th percentile)
A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deepwisdom | metagpt | <= 0.8.1 | — |
| foundation_agents | metagpt | — | — |
| foundation_agents | metagpt | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
ghsa·2026-05-26
CVE-2026-42568 [MEDIUM] CWE-90 Yamcs Vulnerable to LDAP Injection in LdapAuthModule
### Summary
An LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping.
### Root Cause
**File:** `yamcs-core/src/main/java/org/yamcs/security/LdapAuthModule.java:233`
The `username` parameter is inserted directly into an LDAP search filter without RFC 4515 escaping:
```java
// VULNERABLE
var filter = userFilter.replace("{0}", username);
var searchResult = getSingleResult(ctx, userBase, filter, controls);
```
LDAP filter metacharacters (`*`, `(`, `)`) are accepted without sanitization.
### Impact
With a known valid password, `username=*` authenticates as the first user returned by th
GHSA
GHSA-6qq6-2j27-fq65: A vulnerability has been found in Foundation Agents MetaGPT up to 0
ghsa_unreviewed·2026-03-21
CVE-2026-4515 [MEDIUM] CWE-74 GHSA-6qq6-2j27-fq65: A vulnerability has been found in Foundation Agents MetaGPT up to 0
Citrix
Citrix Security Bulletin CTX127541
vendor_citrix·CVSS 4.3
CVE-2010-4515 [MEDIUM] Citrix Security Bulletin CTX127541
CVE References: CVE-2010-4515, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.