Description
A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
Published: 2026-04-09
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Code injection via the HumanEvalBenchmark/MBPPBenchmark check_solution function
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in the check_solution function of the MetaGPT project’s HumanEvalBenchmark/MBPPBenchmark component. An attacker can supply a manipulated input that causes the function to evaluate arbitrary code, resulting in code injection. This weakness is identified as CWE‑74 and CWE‑94. The impact includes the potential execution of unintended code in the context of the MetaGPT application, which could lead to unauthorized data access, data modification, or further compromise of the host system.

Affected Systems

MetaGPT versions up to 0.8.1 are affected. The vulnerability is present in the FoundationAgents MetaGPT repository under the HumanEvalBenchmark/MBPPBenchmark component. Users running any of these versions are at risk.

Risk and Exploitability

The CVSS score of 6.9 reflects a moderate severity: an attacker can remotely trigger the vulnerability without authentication. The exploit is publicly documented on GitHub and other advisory sites, but EPSS data is unavailable and it is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, likely via an API call or request to the check_solution endpoint. Exploitation requires the ability to influence the input passed to the function; no additional preconditions are documented.

Generated by OpenCVE AI on April 9, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Check the MetaGPT repository for a new release that addresses the check_solution code injection issue.
  • If a patch is not yet available, restrict external access to the MetaGPT service or block the check_solution endpoint until a fix is released.
  • Validate or sanitize all inputs before they reach the check_solution function to prevent execution of unintended code.
  • Monitor GitHub issues and pull requests for updates from the maintainers regarding this vulnerability.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 20:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Deepwisdom; Deepwisdom metagpt
CPEs | | cpe:2.3:a:deepwisdom:metagpt:*:*:*:*:*:*:*:*
Vendors & Products | | Deepwisdom; Deepwisdom metagpt

Fri, 10 Apr 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Foundation Agents; Foundation Agents metagpt
Vendors & Products | | Foundation Agents; Foundation Agents metagpt

Thu, 09 Apr 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
Title | | FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection
Weaknesses | | CWE-74; CWE-94
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-09T18:07:11.915Z

Reserved: 2026-04-09T12:04:16.831Z

Link: CVE-2026-5970

Vulnrichment

Updated: 2026-04-09T18:07:06.052Z

NVD

Status: Analyzed

Published: 2026-04-09T18:17:04.497

Modified: 2026-04-29T19:46:47.493

Link: CVE-2026-5970

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:32:03Z
