CVE-2026-5973
Published: 09 April 2026
Summary
CVE-2026-5973 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
A vulnerability was found in FoundationAgents MetaGPT up to version 0.8.1, specifically in the get_mime_type function within metagpt/utils/common.py. The issue stems from improper handling of input that permits OS command injection, tracked under CWE-77 and CWE-78, and carries a CVSS 4.0 score of 6.9 reflecting network-accessible attack vectors with low complexity.
Remote attackers without authentication or user interaction can exploit the flaw to execute arbitrary operating system commands, resulting in limited impacts to confidentiality, integrity, and availability on the affected system. The exploit code has been publicly disclosed, enabling straightforward reproduction by threat actors.
References including the project repository, issue 1930, and pull request 1983 indicate that maintainers were notified of the problem early via a submitted fix but have not yet applied any remediation or released a patched version.
The EPSS score rose from a low baseline to a peak of 0.0176 on 2026-04-16 before receding to the current value of 0.0053, signaling a temporary increase in exploitation interest following public disclosure of the command injection flaw in this AI agent framework.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-21051
Vulnerability details
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could…
more
be used. The project was informed of the problem early through a pull request but has not reacted yet.
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: metagpt
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in a remotely accessible function of MetaGPT enables unauthenticated remote attackers to execute arbitrary OS commands, directly mapping to exploitation of public-facing applications (T1190) and command/scripting interpreter usage for execution (T1059).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of the unpatched OS command injection flaw in MetaGPT's get_mime_type function.
Implements input validation mechanisms to block malicious input manipulations that trigger OS command injection in the vulnerable function.
Enables vulnerability scanning to identify the presence of CVE-2026-5973 in MetaGPT versions up to 0.8.1 for subsequent remediation.