CVE-2026-5973
Published: 09 April 2026
Summary
CVE-2026-5973 is a high-severity Command Injection (CWE-77) vulnerability, additionally classified as OS Command Injection (CWE-78). Its CVSS v3.1 base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); the CVE ranks in the top 34.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: requires timely identification, reporting, and correction of the unpatched OS command injection flaw in MetaGPT's get_mime_type function; no upstream fix is available as of publication.
- SI-10 (Information Input Validation): implements input validation that rejects the crafted input which triggers OS command injection in the vulnerable function.
- RA-5 (Vulnerability Monitoring and Scanning): enables vulnerability scanning to identify CVE-2026-5973 in MetaGPT versions up to 0.8.1 for subsequent remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in a remotely accessible function of MetaGPT lets unauthenticated remote attackers execute arbitrary OS commands. Reaching the flaw over the network maps to Exploit Public-Facing Application (T1190); the injected payload is executed by the system shell, which maps to Command and Scripting Interpreter (T1059).
NVD Description
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.
Deeper analysis
CVE-2026-5973 is an OS command injection vulnerability affecting FoundationAgents MetaGPT versions up to 0.8.1. The issue resides in the get_mime_type function within the file metagpt/utils/common.py, where manipulation of inputs leads to arbitrary OS command execution. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and is associated with CWEs 77 and 78.
The vulnerability is remotely exploitable by unauthenticated attackers with network access, requiring low attack complexity and no user interaction. The vector scores the impact on confidentiality, integrity, and availability as Low, but the injected command runs with the privileges of the OS account that hosts the affected MetaGPT process, so the practical blast radius depends on that account's rights and on which code paths hand attacker-influenced filenames to get_mime_type.
Advisories reference an open GitHub issue (#1930) and a pull request (#1983) submitted to the MetaGPT repository, indicating the project was informed early but has not yet responded or issued patches. No official mitigations or fixes are available as of the CVE publication on 2026-04-09.
The exploit has been made public and could be used in attacks, with details available via VulDB entries. MetaGPT is a multi-agent LLM framework, so a utility such as get_mime_type may receive filenames that originate from agent tool calls or user-supplied documents rather than from a trusted operator; that is what turns a filename passed unsafely to a shell into an attack surface in AI/ML workflows.
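The following is an added example, not MetaGPT's code and not taken from the advisory: it reconstructs the general pattern described above (an untrusted filename formatted into a shell command line that invokes file(1)) next to a hardened replacement, and also illustrates the SI-10 input validation mentioned under Mitigating Controls. The `file --mime-type` invocation, the helper names, and the sample filename are assumptions made for illustration.

```python
"""Illustrative reconstruction of the CVE-2026-5973 pattern and a hardened
replacement. Added example, not MetaGPT's code: the exact shell command,
the helper names and the sample filename are assumptions."""
from __future__ import annotations

import mimetypes
import shlex
import subprocess
from pathlib import Path

# Constructed attacker-supplied filename (not from the advisory). The single
# quote closes the hand-quoted argument in the vulnerable command string and
# ';' starts a second shell command.
MALICIOUS_NAME = "report.pdf'; touch /tmp/pwned; echo '"
BENIGN_NAME = "report.pdf"


def vulnerable_command(filename: str) -> str:
    """Vulnerable pattern (assumed shape): the untrusted filename is formatted
    into a command line that is later handed to a shell. Hand-written quoting
    does not help because the input may itself contain the quote character."""
    return f"file --mime-type '{filename}'"


def shell_tokens(command: str) -> list[str]:
    """Tokenise a command line the way a POSIX shell would, keeping control
    operators (';', '&&', '|', ...) as their own tokens so that command
    boundaries smuggled in through the filename become visible."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def is_safe_filename(filename: str) -> bool:
    """SI-10 style input validation: reject names carrying shell
    metacharacters, quotes or control bytes before any subprocess call.
    Defence in depth only; the real fix is the argv form in safe_argv()."""
    if not filename or len(filename) > 255:
        return False
    forbidden = set(";|&$`'\"\\<>(){}\n\r\t")
    return not any(ch in forbidden or ord(ch) < 0x20 for ch in filename)


def safe_argv(filename: str | Path) -> list[str]:
    """Hardened form: an argv list executed without a shell. '--' terminates
    option parsing so a name beginning with '-' is not read as an option."""
    return ["file", "--mime-type", "--brief", "--", str(filename)]


def get_mime_type_safe(filename: str | Path, force_read: bool = False) -> str | None:
    """Hypothetical hardened lookup: prefer the extension-based guess and only
    fall back to file(1), via an argv list, when content sniffing is forced."""
    name = str(filename)
    guessed, _ = mimetypes.guess_type(name)
    if guessed and not force_read:
        return guessed
    if not is_safe_filename(Path(name).name):
        return None  # refuse rather than pass hostile input along
    try:
        result = subprocess.run(
            safe_argv(filename), capture_output=True, text=True, timeout=10, check=False
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return guessed  # file(1) missing or hung: keep the guess (may be None)
    return result.stdout.strip() or guessed


if __name__ == "__main__":
    print("vulnerable tokens:", shell_tokens(vulnerable_command(MALICIOUS_NAME)))
    print("safe argv:", safe_argv(MALICIOUS_NAME))
    print("mime:", get_mime_type_safe(BENIGN_NAME))
```

Running the script shows the malicious name split into three shell commands in the vulnerable form, while the hardened form carries the whole name as one argv element that file(1) simply fails to open. The validator is deliberately stricter than the argv form needs; it exists so that a hostile name is rejected and logged at the boundary instead of relying on every downstream caller to avoid `shell=True`.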
Details
- CWE(s): CWE-77 (Command Injection), CWE-78 (OS Command Injection)