CVE-2026-5970
FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
| CWE | CWE-94 CWE-74 |
| Vendor | foundationagents |
| Product | metagpt |
| Published | Apr 9, 2026 |
| Last Updated | Apr 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for foundationagents metagpt
Be the first to know when new high vulnerabilities affecting foundationagents metagpt are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
FoundationAgents / MetaGPT
0.8.0 0.8.1
References
vuldb.com: https://vuldb.com/vuln/356524 vuldb.com: https://vuldb.com/vuln/356524/cti vuldb.com: https://vuldb.com/submit/791693 github.com: https://github.com/FoundationAgents/MetaGPT/issues/1942 github.com: https://github.com/FoundationAgents/MetaGPT/pull/1988 github.com: https://github.com/FoundationAgents/MetaGPT/
Credits
๐ Eric-y (VulDB User) VulDB CNA Team