Description
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the problem early through a pull request but has not reacted yet.
Published: 2026-04-09
Score: 6.9 Medium
EPSS: 1.8% Low
KEV: No
Impact: Remote Command Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the Bash.run function of FoundationAgents MetaGPT, allowing an attacker to inject arbitrary operating system commands. This injection can be leveraged to execute any command with the privileges of the running MetaGPT process, potentially compromising confidentiality, integrity, and availability of the host system.

Affected Systems

The affected product is FoundationAgents MetaGPT up to version 0.8.1. All installations of these versions that expose the Bash.run functionality are vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. Although an EPSS score is not available and the vulnerability is not listed in CISA's KEV catalog, the ability to perform a remote OS command injection makes exploitation likely if the MetaGPT instance is reachable over a network or exposed to untrusted inputs. An attacker can execute arbitrary commands, leading to full compromise of the affected host.

Generated by OpenCVE AI on April 9, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MetaGPT to version 0.8.2 or later where the Bash.run issue is fixed
  • If an update is not immediately possible, disable or sandbox the Bash.run functionality to prevent command execution
  • Monitor application logs for unexpected command execution and review network access to the MetaGPT instance

Generated by OpenCVE AI on April 9, 2026 at 21:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-fcc8-4q7h-wvwc FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/tools/libs/terminal.py
History

Wed, 29 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Deepwisdom
Deepwisdom metagpt
CPEs cpe:2.3:a:deepwisdom:metagpt:*:*:*:*:*:*:*:*
Vendors & Products Deepwisdom
Deepwisdom metagpt

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Foundation Agents
Foundation Agents metagpt
Vendors & Products Foundation Agents
Foundation Agents metagpt

Thu, 09 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the problem early through a pull request but has not reacted yet.
Title FoundationAgents MetaGPT terminal.py Bash.run os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}

Subscriptions

Deepwisdom Metagpt
Foundation Agents Metagpt
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-09T20:17:26.123Z

Reserved: 2026-04-09T12:04:47.323Z

Link: CVE-2026-5974

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-09T20:16:29.347

Modified: 2026-04-29T18:47:14.113

Link: CVE-2026-5974

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:29:36Z

Weaknesses