Vulnerability Description
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deepwisdom | Metagpt | <= 0.8.1 |
Related Weaknesses (CWE)
References
- https://github.com/FoundationAgents/MetaGPT/Product
- https://github.com/FoundationAgents/MetaGPT/issues/1930Issue TrackingExploitMitigation
- https://github.com/FoundationAgents/MetaGPT/pull/1983Issue TrackingPatch
- https://vuldb.com/submit/791755ExploitThird Party AdvisoryVDB Entry
- https://vuldb.com/vuln/356527Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/356527/ctiPermissions Required
FAQ
What is CVE-2026-5973?
CVE-2026-5973 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The att...
How severe is CVE-2026-5973?
CVE-2026-5973 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-5973?
Check the references section above for vendor advisories and patch information. Affected products include: Deepwisdom Metagpt.