CVE-2026-5973

EUVD-2026-21051
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/FoundationAgents/MetaGPT/
https://github.com/FoundationAgents/MetaGPT/issues/1930
https://github.com/FoundationAgents/MetaGPT/pull/1983
https://vuldb.com/submit/791755
https://vuldb.com/vuln/356527
https://vuldb.com/vuln/356527/cti