{"id":"CVE-2026-5970","summary":"FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection","details":"A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.","aliases":["GHSA-g977-h85w-h2xj"],"modified":"2026-07-08T08:13:48.384747480Z","published":"2026-04-09T17:00:21.409Z","database_specific":{"cna_assigner":"VulDB","cwe_ids":["CWE-74","CWE-94"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5970.json"},"references":[{"type":"WEB","url":"https://github.com/FoundationAgents/MetaGPT/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5970.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5970"},{"type":"ADVISORY","url":"https://vuldb.com/submit/791693"},{"type":"ADVISORY","url":"https://vuldb.com/vuln/356524"},{"type":"REPORT","url":"https://github.com/FoundationAgents/MetaGPT/issues/1942"},{"type":"REPORT","url":"https://vuldb.com/vuln/356524/cti"},{"type":"FIX","url":"https://github.com/FoundationAgents/MetaGPT/pull/1988"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/foundationagents/metagpt","events":[{"introduced":"feb2d30364e68cd74193d8f7715c3b90fafd02ec"},{"last_affected":"c036574507e7616c02512e7c8ad88dd847783afa"}],"database_specific":{"cpe":"cpe:2.3:a:deepwisdom:metagpt:*:*:*:*:*:*:*:*","source":["AFFECTED_FIELD","CPE_RANGE"],"extracted_events":[{"introduced":"0.8.0"},{"last_affected":"0.8.0"},{"introduced":"0.8.1"},{"last_affected":"0.8.1"},{"introduced":"0"}]}}],"versions":["0.8.0","0.8.1","v0.8.1","v0.8.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5970.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}]}