CVE-2026-5973
OS Command Injection in FoundationAgents MetaGPT get_mime_type Function
Publication date: 2026-04-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| deepwisdom | metagpt | to 0.8.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5973 is a command injection vulnerability in the MetaGPT project's function get_mime_type located in metagpt/utils/common.py. The vulnerability occurs because the function constructs a shell command string using an f-string that directly inserts a filename, which may contain malicious shell metacharacters. This command string is then executed with shell=True, allowing an attacker to inject and execute arbitrary shell commands remotely by crafting filenames with special characters.
Specifically, when filenames contain characters like quotes, semicolons, or backticks, they can break out of the intended command context and execute unintended commands on the victim's system. This can happen when MetaGPT processes repositories containing such maliciously named files.
How can this vulnerability impact me? :
This vulnerability allows remote attackers to execute arbitrary commands on the victim's system by exploiting the unsafe handling of filenames in shell commands. The impact includes remote code execution (RCE), which can lead to full system compromise.
- Arbitrary command execution on the victim's machine.
- Potential full system compromise including reading, writing, or exfiltrating sensitive data.
- Execution of malicious payloads leading to loss of system integrity and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the MetaGPT installation uses the vulnerable `get_mime_type()` function that executes shell commands with `shell=True` and interpolates filenames directly into the command string. Specifically, look for usage of `subprocess.run()` with `shell=True` in the `metagpt/utils/common.py` file around line 920.
To detect exploitation attempts or presence of malicious filenames, you can search for files with suspicious names containing shell metacharacters such as `'`, `;`, `$()`, or backticks in repositories processed by MetaGPT.
Example commands to detect suspicious files on a system or repository include:
- Find files with single quotes or semicolons in their names: `find /path/to/repo -name "*'*" -o -name "*;*"`
- Check for files with backticks or dollar parentheses: `find /path/to/repo -name "*\`*" -o -name "*$(*)*"`
Additionally, monitoring for unexpected file creation such as `/tmp/rce_proof` (used in proof-of-concept exploits) can indicate exploitation.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves modifying the vulnerable `get_mime_type()` function to avoid using `shell=True` with untrusted input.
Specifically, change the call from passing a shell command string to passing a list of arguments to `shell_execute()`, which ensures `shell=False` and prevents shell interpretation of metacharacters.
- Replace `await shell_execute(f"file --mime-type '{str(filename)}'")` with `await shell_execute(["file", "--mime-type", str(filename)])`.
- Modify `shell_execute()` to always use `shell=False` and parse string commands with `shlex.split()` if needed.
- Alternatively, replace the use of the external `file` command with Python's built-in `mimetypes` module to avoid shell commands altogether.
Until a patched version is available, avoid processing untrusted repositories or filenames with MetaGPT, and monitor for suspicious filenames or unexpected system behavior.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote code execution through command injection, which can lead to full system compromise including arbitrary file read/write and data exfiltration.
Such a compromise could result in unauthorized access to sensitive personal or protected health information, thereby potentially violating compliance requirements of standards like GDPR and HIPAA that mandate protection of data confidentiality and integrity.
Therefore, if exploited, this vulnerability could negatively impact an organization's ability to comply with these regulations due to the risk of data breaches and loss of control over protected data.