Cyber Resilience

CVE-2026-5970

Medium

Published: 09 April 2026

Published
09 April 2026
Modified
13 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0009 25.8th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5970 is a medium-severity Injection (CWE-74) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-5970 is a code injection vulnerability in FoundationAgents MetaGPT versions up to 0.8.1. It affects the check_solution function within the HumanEvalBenchmark and MBPPBenchmark components. Successful manipulation enables code injection, with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), linked to CWEs-74 (Injection) and CWE-94 (Code Injection).

Remote attackers require no privileges or user interaction to exploit the vulnerability over the network with low complexity. Exploitation can result in low impacts to confidentiality, integrity, and availability through injected code execution.

The project was informed early via pull request #1988 on GitHub but has not reacted or released a patch. The exploit is public, with details documented in GitHub issue #1942 and VulDB entries at vuldb.com/vuln/356524 and vuldb.com/submit/791693.

EU & UK References

Vulnerability details

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be…

more

used. The project was informed of the problem early through a pull request but has not reacted yet.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: metagpt

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

Code injection in check_solution enables remote arbitrary Python code execution (T1059.006) via exploitation of a public-facing application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-5584Shared CWE-74, CWE-94
CVE-2026-6110Shared CWE-74, CWE-94
CVE-2026-6603Shared CWE-74, CWE-94
CVE-2026-26216Shared CWE-94
CVE-2026-31225Shared CWE-94
CVE-2026-31048Shared CWE-94
CVE-2026-44888Shared CWE-94
CVE-2023-54345Shared CWE-94
CVE-2026-5562Shared CWE-74, CWE-94
CVE-2026-2008Shared CWE-74, CWE-94

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents code injection by validating inputs to the vulnerable check_solution function in HumanEvalBenchmark/MBPPBenchmark.

prevent

Remediates the specific code injection flaw in MetaGPT up to 0.8.1 by applying patches or vendor-provided fixes when available.

detectrespond

Scans for and identifies the CVE-2026-5970 vulnerability in MetaGPT components, enabling prioritized remediation.

References