A vulnerability was found in FoundationAgents MetaGPT up to 0.8.2 . It has been classified as critical . Affected by this issue is the function check_cmd_exists of the file metagpt/utils/common.py . This manipulation of the argument mermaid.path causes command injection. This vulnerability appears as CVE-2026-11455 . The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.