A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.
References
| Link | Resource |
|---|---|
| https://github.com/FoundationAgents/MetaGPT/ | Product |
| https://github.com/FoundationAgents/MetaGPT/issues/1930 | Issue Tracking Exploit Mitigation |
| https://github.com/FoundationAgents/MetaGPT/pull/1983 | Issue Tracking Patch |
| https://vuldb.com/submit/791755 | Exploit Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/356527 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/356527/cti | Permissions Required |
Configurations
History
29 Apr 2026, 19:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/FoundationAgents/MetaGPT/ - Product | |
| References | () https://github.com/FoundationAgents/MetaGPT/issues/1930 - Issue Tracking, Exploit, Mitigation | |
| References | () https://github.com/FoundationAgents/MetaGPT/pull/1983 - Issue Tracking, Patch | |
| References | () https://vuldb.com/submit/791755 - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/356527 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/356527/cti - Permissions Required | |
| First Time |
Deepwisdom metagpt
Deepwisdom |
|
| CPE | cpe:2.3:a:deepwisdom:metagpt:*:*:*:*:*:*:*:* |
09 Apr 2026, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-09 20:16
Updated : 2026-04-29 19:14
NVD link : CVE-2026-5973
Mitre link : CVE-2026-5973
CVE.ORG link : CVE-2026-5973
JSON object : View
Products Affected
deepwisdom
- metagpt