Cyber Resilience

CVE-2026-5973

Medium

Published: 09 April 2026

Published
09 April 2026
Modified
13 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0053 67.7th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5973 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

A vulnerability was found in FoundationAgents MetaGPT up to version 0.8.1, specifically in the get_mime_type function within metagpt/utils/common.py. The issue stems from improper handling of input that permits OS command injection, tracked under CWE-77 and CWE-78, and carries a CVSS 4.0 score of 6.9 reflecting network-accessible attack vectors with low complexity.

Remote attackers without authentication or user interaction can exploit the flaw to execute arbitrary operating system commands, resulting in limited impacts to confidentiality, integrity, and availability on the affected system. The exploit code has been publicly disclosed, enabling straightforward reproduction by threat actors.

References including the project repository, issue 1930, and pull request 1983 indicate that maintainers were notified of the problem early via a submitted fix but have not yet applied any remediation or released a patched version.

The EPSS score rose from a low baseline to a peak of 0.0176 on 2026-04-16 before receding to the current value of 0.0053, signaling a temporary increase in exploitation interest following public disclosure of the command injection flaw in this AI agent framework.

EU & UK References

Vulnerability details

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could…

more

be used. The project was informed of the problem early through a pull request but has not reacted yet.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: metagpt

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

OS command injection in a remotely accessible function of MetaGPT enables unauthenticated remote attackers to execute arbitrary OS commands, directly mapping to exploitation of public-facing applications (T1190) and command/scripting interpreter usage for execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-59736Shared CWE-77, CWE-78
CVE-2025-44015Shared CWE-77, CWE-78
CVE-2025-59740Shared CWE-77, CWE-78
CVE-2026-4585Shared CWE-77, CWE-78
CVE-2026-7698Shared CWE-77, CWE-78
CVE-2026-1544Shared CWE-77, CWE-78
CVE-2025-1536Shared CWE-77, CWE-78
CVE-2025-15501Shared CWE-77, CWE-78
CVE-2026-9452Shared CWE-77, CWE-78
CVE-2026-4170Shared CWE-77, CWE-78

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of the unpatched OS command injection flaw in MetaGPT's get_mime_type function.

prevent

Implements input validation mechanisms to block malicious input manipulations that trigger OS command injection in the vulnerable function.

detect

Enables vulnerability scanning to identify the presence of CVE-2026-5973 in MetaGPT versions up to 0.8.1 for subsequent remediation.

References