| Title | FoundationAgents MetaGPT 0.8.2 Command Injection |
|---|
| Description | MetaGPT (GitHub project: https://github.com/FoundationAgents/MetaGPT) contains a command injection vulnerability in its Mermaid diagram rendering functionality. The issue stems from unsafe handling of the `mermaid.path` configuration value, which is used to specify the path to the Mermaid CLI executable.
An attacker who can control the `mermaid.path` setting in `config.yaml` can inject arbitrary shell metacharacters. Two code locations are vulnerable:
1. `metagpt/utils/common.py` - `check_cmd_exists()` passes the path directly to `os.system()`.
2. `metagpt/utils/mermaid.py` - `mermaid_to_file()` builds a shell command using `asyncio.create_subprocess_shell()` and concatenates the path into the command string.
Because the path is not sanitized or treated as an argument list, shell syntax such as `;`, `|`, or `$()` is interpreted by the underlying shell. This allows arbitrary command execution in the security context of the MetaGPT process.
No special Mermaid input is required; the vulnerability is triggered whenever the `nodejs` Mermaid engine is active and a diagram is rendered. The issue is not in Mermaid CLI itself but in how MetaGPT constructs the execution command.
Impact: Remote code execution if an attacker can modify the configuration file or supply a crafted configuration through other means (e.g., via a compromised workspace or supply chain attack).
Affected versions: All versions up to the latest release (0.8.2) at the time of discovery (no fix has been released). The vulnerability is present wherever `mermaid.engine = "nodejs"` is used and `mermaid.path` is configurable. |
|---|
| Source | ⚠️ https://www.notion.so/asuka39/MetaGPT-Command-Injection-via-Mermaid-path-Configuration-35fe35b8556880b29113c8c1b414a8b2?source=copy_link |
|---|
| User | ASUKA39 (UID 70397) |
|---|
| Submission | 05/13/2026 08:28 (26 days ago) |
|---|
| Moderation | 06/06/2026 17:55 (24 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 369074 [FoundationAgents MetaGPT up to 0.8.2 metagpt/utils/common.py check_cmd_exists mermaid.path command injection] |
|---|
| Points | 20 |
|---|