CVE-2026-10566
5.3 MEDIUMA weakness has been identified in FoundationAgents MetaGPT up to 0.8.2
Published: 2026-06-02 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-20, CWE-502
Description
A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10566
- [Other]https://github.com/FoundationAgents/MetaGPT/
- [Other]https://github.com/FoundationAgents/MetaGPT/issues/2038
- [Other]https://vuldb.com/cve/CVE-2026-10566
- [Other]https://vuldb.com/submit/828301
- [Other]https://vuldb.com/vuln/367673
- [Other]https://vuldb.com/vuln/367673/cti
Related CVEs
Same CWE
- CVE-2026-12191 — A vulnerability was found in Comma AI Openpilot 0.11 (7.8 HIGH)
- CVE-2026-45013 — ApostropheCMS is an open-source Node.js content management system (8.1 HIGH)
- CVE-2026-54133 — jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP app... (9.8 CRITICAL)
- CVE-2026-47196 — Quest Bot is an opensource Discord Bot
- CVE-2026-50633 — A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an atta... (8.1 HIGH)