CVE-2026-10566
FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
| CWE | CWE-502 CWE-20 |
| Vendor | foundationagents |
| Product | metagpt |
| Published | Jun 2, 2026 |
| Last Updated | Jun 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for foundationagents metagpt
Be the first to know when new medium vulnerabilities affecting foundationagents metagpt are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
FoundationAgents / MetaGPT
0.8.0 0.8.1 0.8.2
References
vuldb.com: https://vuldb.com/vuln/367673 vuldb.com: https://vuldb.com/vuln/367673/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10566 vuldb.com: https://vuldb.com/submit/828301 github.com: https://github.com/FoundationAgents/MetaGPT/issues/2038 github.com: https://github.com/FoundationAgents/MetaGPT/
Credits
๐ ASUKA39 (VulDB User) VulDB CNA Team