A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the problem early through a pull request but has not reacted yet.
References
| Link | Resource |
|---|---|
| https://github.com/FoundationAgents/MetaGPT/ | Product |
| https://github.com/FoundationAgents/MetaGPT/issues/1931 | Issue Tracking Exploit |
| https://github.com/FoundationAgents/MetaGPT/pull/1940 | Issue Tracking Patch |
| https://vuldb.com/submit/791758 | Exploit Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/356528 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/356528/cti | Permissions Required |
Configurations
History
29 Apr 2026, 18:47
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:deepwisdom:metagpt:*:*:*:*:*:*:*:* | |
| First Time |
Deepwisdom metagpt
Deepwisdom |
|
| References | () https://github.com/FoundationAgents/MetaGPT/ - Product | |
| References | () https://github.com/FoundationAgents/MetaGPT/issues/1931 - Issue Tracking, Exploit | |
| References | () https://github.com/FoundationAgents/MetaGPT/pull/1940 - Issue Tracking, Patch | |
| References | () https://vuldb.com/submit/791758 - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/356528 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/356528/cti - Permissions Required |
09 Apr 2026, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-09 20:16
Updated : 2026-04-29 18:47
NVD link : CVE-2026-5974
Mitre link : CVE-2026-5974
CVE.ORG link : CVE-2026-5974
JSON object : View
Products Affected
deepwisdom
- metagpt