CVE-2026-5973

Source
https://cve.org/CVERecord?id=CVE-2026-5973
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5973.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5973
Aliases
Published
2026-04-09T19:15:13.464Z
Modified
2026-07-13T16:43:13.764707914Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
FoundationAgents MetaGPT common.py get_mime_type os command injection
Details

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5973.json",
    "cwe_ids": [
        "CWE-77",
        "CWE-78"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/foundationagents/metagpt

Affected ranges

Type
GIT
Repo
https://github.com/foundationagents/metagpt
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:deepwisdom:metagpt:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.8.0"
        },
        {
            "last_affected": "0.8.0"
        },
        {
            "introduced": "0.8.1"
        },
        {
            "last_affected": "0.8.1"
        },
        {
            "introduced": "0"
        }
    ]
}

Affected versions

0.*
0.8.0
0.8.1
v0.*
v0.8.0
v0.8.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5973.json"