A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
References
| Link | Resource |
|---|---|
| https://github.com/FoundationAgents/MetaGPT/ | Product |
| https://github.com/FoundationAgents/MetaGPT/issues/1942 | Issue Tracking Exploit |
| https://github.com/FoundationAgents/MetaGPT/pull/1988 | Issue Tracking Patch |
| https://vuldb.com/submit/791693 | Exploit Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/356524 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/356524/cti | Permissions Required VDB Entry |
Configurations
History
29 Apr 2026, 19:46
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/FoundationAgents/MetaGPT/ - Product | |
| References | () https://github.com/FoundationAgents/MetaGPT/issues/1942 - Issue Tracking, Exploit | |
| References | () https://github.com/FoundationAgents/MetaGPT/pull/1988 - Issue Tracking, Patch | |
| References | () https://vuldb.com/submit/791693 - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/356524 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/356524/cti - Permissions Required, VDB Entry | |
| CPE | cpe:2.3:a:deepwisdom:metagpt:*:*:*:*:*:*:*:* | |
| First Time |
Deepwisdom metagpt
Deepwisdom |
09 Apr 2026, 18:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-09 18:17
Updated : 2026-04-29 19:46
NVD link : CVE-2026-5970
Mitre link : CVE-2026-5970
CVE.ORG link : CVE-2026-5970
JSON object : View
Products Affected
deepwisdom
- metagpt