Description
A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-02
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The MetaGPT "Message.check_instruct_content" function deserializes instruction content provided via the argument mapping without sufficient validation. An attacker who can supply a crafted mapping can trigger Python’s deserialization process, potentially enabling arbitrary code execution on the host where MetaGPT runs. The flaw is limited to local execution, which means it does not expose the system to remote attacks directly, yet any local user or malware capable of influencing the input can exploit it.

Affected Systems

Affected by the vulnerability are all instances of FoundationAgents MetaGPT version 0.8.2 and earlier. The flaw resides in metagpt/schema.py which is bundled with every release up to 0.8.2. No other vendors, products or component versions have been identified as affected.

Risk and Exploitability

The CVSS score of 4.8 indicates a moderate severity. Though the EPSS score is not available, the fact that the exploit is publicly released and can be executed locally suggests a realistic risk for organizations that run MetaGPT with elevated privileges. The vulnerability is not listed in CISA’s KEV catalog, implying the exploit may not yet be widely observed in the wild; nevertheless, any machine that can provide crafted instruction content to the vulnerable function is at risk. Security teams should treat local control of input as a critical point of failure until an official fix is released.

Generated by OpenCVE AI on June 2, 2026 at 03:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify that all instruction content passed to MetaGPT is fully sanitized to eliminate binary or serialized data that could trigger Python’s deserialization.
  • Run MetaGPT under the least‑privilege user account and constrain its filesystem and networking permissions to limit the impact of any potential code execution.
  • Regularly review the FoundationAgents repository and issue tracker for an official patch; upgrade to a fixed version as soon as one becomes available.

Generated by OpenCVE AI on June 2, 2026 at 03:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
First Time appeared Foundation Agents
Foundation Agents metagpt
Vendors & Products Foundation Agents
Foundation Agents metagpt

Tue, 02 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization
First Time appeared Foundationagents
Foundationagents metagpt
Weaknesses CWE-20
CWE-502
CPEs cpe:2.3:a:foundationagents:metagpt:*:*:*:*:*:*:*:*
Vendors & Products Foundationagents
Foundationagents metagpt
References
Metrics cvssV2_0

{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Foundation Agents Metagpt
Foundationagents Metagpt
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-02T01:45:10.323Z

Reserved: 2026-06-01T16:34:26.724Z

Link: CVE-2026-10566

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-02T03:16:16.210

Modified: 2026-06-02T03:16:16.210

Link: CVE-2026-10566

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T04:00:11Z

Weaknesses