CVE-2026-5972

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L                                    

Vulnerability Description

A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The identifier of the patch is d04ffc8dc67903e8b327f78ec121df5e190ffc7b. Applying a patch is the recommended action to fix this issue.

Vulnerability Details

Published Date

April 09, 2026

Last Modified

April 13, 2026

CWE ID

CWE-77

Source

NVD

External References

https://github.com/FoundationAgents/MetaGPT/
https://github.com/FoundationAgents/MetaGPT/issues/1929
https://github.com/paipeline/MetaGPT/commit/d04ffc8dc67903e8b327f78ec121df5e190ffc7b
https://vuldb.com/submit/791745
https://vuldb.com/vuln/356526
https://vuldb.com/vuln/356526/cti

CVE-2026-5972

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment