{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5974/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5974"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["command-injection","metagpt","cve-2026-5974"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical command injection vulnerability, tracked as CVE-2026-5974, has been identified in FoundationAgents MetaGPT up to version 0.8.1. The vulnerability resides within the \u003ccode\u003eBash.run\u003c/code\u003e function located in the \u003ccode\u003emetagpt/tools/libs/terminal.py\u003c/code\u003e library. An attacker can exploit this flaw by injecting malicious commands into the \u003ccode\u003eBash.run\u003c/code\u003e function, leading to arbitrary OS command execution on the target system. The vulnerability is remotely exploitable, posing a significant risk. Although the developers were notified via a pull request, no patch has been released as of the publication of this brief. This vulnerability could be exploited to gain unauthorized access, escalate privileges, or compromise the entire system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a MetaGPT instance running version 0.8.1 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input string containing OS commands.\u003c/li\u003e\n\u003cli\u003eThis malicious string is passed to the \u003ccode\u003eBash.run\u003c/code\u003e function in \u003ccode\u003emetagpt/tools/libs/terminal.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to insufficient input validation, the injected commands are not properly neutralized.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eBash.run\u003c/code\u003e function executes the injected OS commands using the underlying operating system\u0026rsquo;s shell.\u003c/li\u003e\n\u003cli\u003eThe attacker gains the ability to execute arbitrary code on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker could then install malware, create new user accounts, or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could allow an attacker to execute arbitrary operating system commands on the server hosting the vulnerable MetaGPT instance. This could lead to complete system compromise, including data theft, malware installation, and denial-of-service attacks. Due to the nature of command injection, the impact is highly dependent on the privileges of the user account running the MetaGPT application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003eBash.run\u003c/code\u003e function in the \u003ccode\u003emetagpt/tools/libs/terminal.py\u003c/code\u003e library to prevent command injection (CVE-2026-5974).\u003c/li\u003e\n\u003cli\u003eMonitor process creations for unusual commands executed by the MetaGPT application (see Sigma rule \u0026ldquo;Detect Suspicious MetaGPT Bash.run Execution\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eDeploy a web application firewall (WAF) to filter out potentially malicious payloads being sent to the MetaGPT application.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T20:16:29Z","date_published":"2026-04-09T20:16:29Z","id":"/briefs/2026-04-metagpt-cmd-injection/","summary":"A command injection vulnerability exists in FoundationAgents MetaGPT version 0.8.1 affecting the Bash.run function, enabling remote attackers to execute arbitrary OS commands via crafted input.","title":"MetaGPT Bash.run Command Injection Vulnerability (CVE-2026-5974)","url":"https://feed.craftedsignal.io/briefs/2026-04-metagpt-cmd-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5974","version":"https://jsonfeed.org/version/1.1"}