Is there a public PoC exploit available for CVE-2026-5973?

Yes, a public proof-of-concept exploit is available for CVE-2026-5973. Prioritise patching immediately. EPSS: 0.8%.

Is there a patch available for CVE-2026-5973?

Yes, a patch is available for CVE-2026-5973. Update the affected software to the latest version immediately.

FoundationAgents MetaGPT CVE-2026-5973

Q: What is the CVSS score of CVE-2026-5973?

CVE-2026-5973 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.8%.

EUVD-2026-21051 MEDIUM

OS Command Injection (CWE-78)

2026-04-09 VulDB

GHSA-qw5f-qpq5-ppfg

Command Injection

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 09, 2026 - 20:16 vuln.today

Public exploit code

EUVD ID Assigned

Apr 09, 2026 - 19:45 euvd

EUVD-2026-21051

Analysis Generated

Apr 09, 2026 - 19:45 vuln.today

Patch released

Apr 09, 2026 - 19:45 nvd

Patch available

CVE Published

Apr 09, 2026 - 19:15 nvd

MEDIUM 6.9

DescriptionNVD

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through a pull request but has not reacted yet.

AnalysisAI

Remote command injection in FoundationAgents MetaGPT versions 0.8.0 and 0.8.1 via the get_mime_type function in metagpt/utils/common.py allows unauthenticated attackers to execute arbitrary OS commands over the network with low complexity. Publicly available exploit code exists, and a patch pull request has been submitted but not yet merged by the vendor, creating an active vulnerability window for deployed instances.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5973 vulnerability details – vuln.today

Back

FoundationAgents MetaGPT CVE-2026-5973

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

FoundationAgents MetaGPT CVE-2026-5973

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code