CVE-2026-5970

critical

Published 2026-04-09 · Modified 2026-05-06

CVSS v3

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v2

7.5

VIR risk

9.8

Description

MetaGPT has an Injection issue

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/FoundationAgents/MetaGPT/pull/1988

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	metagpt	`<=0.8.1`
PIP	metagpt	`<= 0.8.1`

Application impact

Vendor	Product	Versions	Fixed
deepwisdom	metagpt	`{"endIncluding":"0.8.1"}`

References

CWEs

CWE-74 CWE-94

Verify integrity in audit chain (admin only). AS-IS.