CVE-2026-5973

HIGH CVSS 7.3 View on NVD ↗

Description

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

https://github.com/FoundationAgents/MetaGPT/
https://github.com/FoundationAgents/MetaGPT/issues/1930
https://github.com/FoundationAgents/MetaGPT/pull/1983
https://vuldb.com/submit/791755
https://vuldb.com/vuln/356527
https://vuldb.com/vuln/356527/cti

Published: Apr 09, 2026 20:16 UTC Modified: Apr 09, 2026 20:16 UTC