Executive Summary

CVE-2026-5973 is a command injection vulnerability in the MetaGPT project's function get_mime_type located in metagpt/utils/common.py. The vulnerability occurs because the function constructs a shell command string using an f-string that directly inserts a filename, which may contain malicious shell metacharacters. This command string is then executed with shell=True, allowing an attacker to inject and execute arbitrary shell commands remotely by crafting filenames with special characters.

Specifically, when filenames contain characters like quotes, semicolons, or backticks, they can break out of the intended command context and execute unintended commands on the victim's system. This can happen when MetaGPT processes repositories containing such maliciously named files.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary commands on the victim's system by exploiting the unsafe handling of filenames in shell commands. The impact includes remote code execution (RCE), which can lead to full system compromise.

• Arbitrary command execution on the victim's machine.
• Potential full system compromise including reading, writing, or exfiltrating sensitive data.
• Execution of malicious payloads leading to loss of system integrity and availability.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the MetaGPT installation uses the vulnerable `get_mime_type()` function that executes shell commands with `shell=True` and interpolates filenames directly into the command string. Specifically, look for usage of `subprocess.run()` with `shell=True` in the `metagpt/utils/common.py` file around line 920.

To detect exploitation attempts or presence of malicious filenames, you can search for files with suspicious names containing shell metacharacters such as `'`, `;`, `$()`, or backticks in repositories processed by MetaGPT.

Example commands to detect suspicious files on a system or repository include:

• Find files with single quotes or semicolons in their names: `find /path/to/repo -name "*'*" -o -name "*;*"`
• Check for files with backticks or dollar parentheses: `find /path/to/repo -name "*\`*" -o -name "*$(*)*"`

Additionally, monitoring for unexpected file creation such as `/tmp/rce_proof` (used in proof-of-concept exploits) can indicate exploitation.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves modifying the vulnerable `get_mime_type()` function to avoid using `shell=True` with untrusted input.

Specifically, change the call from passing a shell command string to passing a list of arguments to `shell_execute()`, which ensures `shell=False` and prevents shell interpretation of metacharacters.

• Replace `await shell_execute(f"file --mime-type '{str(filename)}'")` with `await shell_execute(["file", "--mime-type", str(filename)])`.
• Modify `shell_execute()` to always use `shell=False` and parse string commands with `shlex.split()` if needed.
• Alternatively, replace the use of the external `file` command with Python's built-in `mimetypes` module to avoid shell commands altogether.

Until a patched version is available, avoid processing untrusted repositories or filenames with MetaGPT, and monitor for suspicious filenames or unexpected system behavior.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows remote code execution through command injection, which can lead to full system compromise including arbitrary file read/write and data exfiltration.

Such a compromise could result in unauthorized access to sensitive personal or protected health information, thereby potentially violating compliance requirements of standards like GDPR and HIPAA that mandate protection of data confidentiality and integrity.

Therefore, if exploited, this vulnerability could negatively impact an organization's ability to comply with these regulations due to the risk of data breaches and loss of control over protected data.

Useful 0 Not Useful 0