{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5972/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5972"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["CVE-2026-5972","command-injection","metagpt"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-5972 describes an OS command injection vulnerability in FoundationAgents MetaGPT versions up to and including 0.8.1. The flaw is in the \u003ccode\u003eTerminal.run_command\u003c/code\u003e function in \u003ccode\u003emetagpt/tools/libs/terminal.py\u003c/code\u003e, which hands attacker-controlled input to the command interpreter of the operating system without adequate validation, so anyone who can reach that code path can execute arbitrary OS commands with the privileges of the MetaGPT process. The vulnerability is remotely exploitable: it can be triggered over the network without local access. Public exploit code is available, which raises the likelihood of opportunistic exploitation. 
The fix is commit \u003ccode\u003ed04ffc8dc67903e8b327f78ec121df5e190ffc7b\u003c/code\u003e; upgrading to a release that contains it is strongly recommended.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a MetaGPT instance running version \u0026lt;= 0.8.1 that is reachable over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a request whose input reaches \u003ccode\u003eTerminal.run_command\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThat input carries an OS command injection payload in a parameter \u003ccode\u003eTerminal.run_command\u003c/code\u003e expects to contain a command or argument.\u003c/li\u003e\n\u003cli\u003eMetaGPT passes the attacker-controlled string to the operating system\u0026rsquo;s command interpreter without sanitizing or validating it.\u003c/li\u003e\n\u003cli\u003eThe interpreter runs the injected command in the context of the MetaGPT process, giving the attacker code execution on the host.\u003c/li\u003e\n\u003cli\u003eFrom that foothold the attacker attempts privilege escalation, potentially obtaining root or reaching other services on the host.\u003c/li\u003e\n\u003cli\u003eThe attacker installs malware, establishes persistence, or exfiltrates sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker reaches the final objective: data theft, denial of service, or full system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation lets a remote attacker execute arbitrary commands on the affected host as the MetaGPT process, which can lead to full system compromise: data theft, malware installation, and denial of service. Because exploit code is public, unpatched MetaGPT instances are at immediate risk. 
The CVSS v3.1 base score is 7.3, which maps to High severity. The number of affected organizations and the sectors targeted are currently unknown, but any organization running an unpatched MetaGPT instance is potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply patch \u003ccode\u003ed04ffc8dc67903e8b327f78ec121df5e190ffc7b\u003c/code\u003e from FoundationAgents, or upgrade to a MetaGPT release that includes it, and verify that the deployed version is no longer \u0026lt;= 0.8.1.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to the MetaGPT application, in particular query strings or request bodies containing shell metacharacters or chained commands (fields such as cs-uri-query, cs-method, and sc-status in W3C-format logs).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided with this brief to detect command execution originating from the MetaGPT application (see its logsource).\u003c/li\u003e\n\u003cli\u003eReview network traffic for unusual outbound connections from MetaGPT servers, which could indicate successful exploitation followed by malware download or data exfiltration (category: network_connection).\u003c/li\u003e\n\u003cli\u003eEnable process creation logging on MetaGPT servers and look for unexpected child processes of the MetaGPT process, such as a shell or other utility spawned by the Python interpreter; that is a direct indicator of command injection (category: process_creation).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T20:16:28Z","date_published":"2026-04-09T20:16:28Z","id":"/briefs/2026-04-metagpt-command-injection/","summary":"A remote command injection vulnerability exists in FoundationAgents MetaGPT \u003c= 0.8.1 via the Terminal.run_command function, allowing unauthenticated attackers to execute arbitrary OS commands.","title":"MetaGPT OS Command Injection Vulnerability (CVE-2026-5972)","url":"https://feed.craftedsignal.io/briefs/2026-04-metagpt-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-5972","version":"https://jsonfeed.org/version/1.1"}
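The brief's Attack Chain describes the flaw in general terms: a string under attacker control reaches the operating system's command interpreter unvalidated. The following Python block is an added example written for this page, not MetaGPT's own `Terminal.run_command` or any code from the patch; it shows the generic vulnerable pattern (a whole string passed to a shell) beside a hardened runner that tokenizes without a shell, applies a hypothetical allowlist of binaries, and rejects tokens carrying shell metacharacters. The payload, the allowlist and the function names are all assumptions made for the demonstration.

```python
"""Added example: the command-injection pattern behind a run_command-style
helper, beside a hardened version. Illustrative code, not MetaGPT's own."""
import shlex
import subprocess
from typing import List

# Constructed attacker input: a plausible argument followed by a chained
# command. The chained command is a harmless echo so the demo runs safely.
PAYLOAD = "ls -la; echo INJECTED"

# Hypothetical allowlist of binaries an agent's terminal tool may run.
ALLOWED_BINARIES = {"ls", "cat", "git", "pytest"}
SHELL_METACHARS = set(";|&$`<>\n")


class CommandRejected(ValueError):
    """Raised when a command fails validation before any process is spawned."""


def run_command_vulnerable(cmd: str) -> subprocess.CompletedProcess:
    """Unsafe pattern: the whole string is handed to /bin/sh, so ';', '|',
    '&&', '$(...)' and backticks inside attacker-controlled input are
    interpreted by the shell. This is the class of flaw CVE-2026-5972 describes."""
    return subprocess.run(cmd, shell=True, capture_output=True, text=True)


def parse_safe_argv(cmd: str) -> List[str]:
    """Tokenize without a shell, then enforce the allowlist and reject any
    token that carries shell metacharacters. Returns argv for shell=False."""
    try:
        argv = shlex.split(cmd)
    except ValueError as exc:  # unbalanced quotes and similar
        raise CommandRejected(f"unparseable command: {exc}") from exc
    if not argv:
        raise CommandRejected("empty command")
    if argv[0] not in ALLOWED_BINARIES:
        raise CommandRejected(f"binary not allowed: {argv[0]!r}")
    for tok in argv:
        if SHELL_METACHARS.intersection(tok):
            raise CommandRejected(f"shell metacharacter in argument {tok!r}")
    return argv


def run_command_hardened(cmd: str) -> subprocess.CompletedProcess:
    """Validate first, then execute argv directly; no shell is involved."""
    argv = parse_safe_argv(cmd)
    return subprocess.run(argv, shell=False, capture_output=True, text=True)


def injection_blocked(cmd: str) -> bool:
    """True if the hardened path refuses the command before spawning anything."""
    try:
        parse_safe_argv(cmd)
    except CommandRejected:
        return True
    return False


if __name__ == "__main__":
    vuln = run_command_vulnerable(PAYLOAD)
    print("vulnerable path ran the injected command:", "INJECTED" in vuln.stdout)
    try:
        run_command_hardened(PAYLOAD)
    except CommandRejected as exc:
        print("hardened path rejected it:", exc)
    print("hardened path accepts:", parse_safe_argv("ls -la"))
```

Two caveats a practitioner should keep in mind. First, `shell=False` plus an allowlist stops shell metacharacter injection but not argument injection: a permitted binary such as `git` will still honour options like `-c` or `--upload-pack` that run arbitrary programs, so per-binary argument validation or a sandbox is needed when the input comes from a model or a remote user. Second, the metacharacter check on tokens is deliberately conservative; with `shell=False` those characters are inert, but rejecting them keeps a later refactor to `shell=True` from silently reopening the hole.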
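The Recommendation section asks for process creation monitoring of unexpected children of the MetaGPT process. The following Python block is an added example, not the Sigma rule the feed refers to and not code from MetaGPT: it runs that detection logic over constructed process_creation events (field names follow the Sysmon-style convention Sigma uses), flagging a shell spawned by a Python process whose command line mentions metagpt when the `-c` payload chains commands. The event contents, the process names and the rule name are assumptions made for the demonstration.

```python
"""Added example: process_creation detection for a shell child of the
MetaGPT process carrying chained commands. Constructed events, not telemetry."""
import os
import re
import shlex
from typing import Dict, List, Optional

Event = Dict[str, str]

SHELL_BINARIES = {"sh", "bash", "dash", "zsh"}
# Command chaining / substitution / redirection to an absolute path.
INJECTION_METACHARS = re.compile(r"[;|&`]|\$\(|>\s*/")
RULE_NAME = "metagpt_shell_child_with_chained_commands"  # hypothetical rule name

# Constructed sample events (not real logs).
SAMPLE_EVENTS: List[Event] = [
    {   # benign: the agent runs a tool directly, no shell involved
        "ParentImage": "/usr/bin/python3",
        "ParentCommandLine": "python3 -m metagpt --project demo",
        "Image": "/usr/bin/git",
        "CommandLine": "git status",
    },
    {   # benign: a shell with -c but a single, unchained command
        "ParentImage": "/usr/bin/python3",
        "ParentCommandLine": "python3 -m metagpt --project demo",
        "Image": "/bin/sh",
        "CommandLine": "/bin/sh -c 'pytest tests/'",
    },
    {   # suspicious: shell child of MetaGPT whose payload chains commands
        "ParentImage": "/usr/bin/python3",
        "ParentCommandLine": "python3 -m metagpt --project demo",
        "Image": "/bin/sh",
        "CommandLine": "/bin/sh -c 'ls -la; id; cat /etc/passwd'",
    },
    {   # same payload, but the parent is an operator's shell, not MetaGPT
        "ParentImage": "/usr/bin/bash",
        "ParentCommandLine": "bash",
        "Image": "/bin/sh",
        "CommandLine": "/bin/sh -c 'ls -la; id'",
    },
]


def is_metagpt_parent(ev: Event) -> bool:
    """Parent is a Python interpreter whose command line references metagpt."""
    parent = os.path.basename(ev.get("ParentImage", ""))
    return parent.startswith("python") and "metagpt" in ev.get("ParentCommandLine", "").lower()


def shell_dash_c_payload(ev: Event) -> Optional[str]:
    """If the child is a shell invoked with -c, return the script it was given."""
    if os.path.basename(ev.get("Image", "")) not in SHELL_BINARIES:
        return None
    raw = ev.get("CommandLine", "")
    try:
        argv = shlex.split(raw)
    except ValueError:
        return raw  # unparseable quoting: inspect the raw line instead
    if "-c" in argv:
        i = argv.index("-c")
        return " ".join(argv[i + 1:])
    return None


def classify(ev: Event) -> Optional[str]:
    """Return the rule name when the event matches, otherwise None."""
    if not is_metagpt_parent(ev):
        return None
    payload = shell_dash_c_payload(ev)
    if payload is None or not INJECTION_METACHARS.search(payload):
        return None
    return RULE_NAME


def detect(events: List[Event]) -> List[int]:
    """Indices of events that fire the rule."""
    return [i for i, ev in enumerate(events) if classify(ev) is not None]


if __name__ == "__main__":
    for idx in detect(SAMPLE_EVENTS):
        print(f"ALERT event[{idx}]: {SAMPLE_EVENTS[idx]['CommandLine']}")
```

Expressed in Sigma terms this is a `process_creation` selection on `ParentImage|endswith: python`, `Image|endswith: /sh` (or another shell) and `CommandLine|contains` the chaining characters, with the `metagpt` parent command line narrowing it to the application. Agent frameworks legitimately spawn shells, so tune the payload pattern against a baseline of the instance's normal tool calls before alerting, and pair it with the network_connection review the brief also recommends.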