CVE-2026-10566
LOW
1,9
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM
5,3
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
MEDIUM
4,3
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
20
Improper Input Validation
StableCommon Consequences
Security Scopes Affected:
Availability
Confidentiality
Integrity
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Read Memory
Read Files Or Directories
Modify Memory
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
AI/ML
502
Deserialization of Untrusted Data
DraftCommon Consequences
Security Scopes Affected:
Integrity
Availability
Other
Potential Impacts:
Modify Application Data
Unexpected State
Dos: Resource Consumption (Cpu)
Varies By Context
Applicable Platforms
Languages:
Java, Ruby, PHP, Python, JavaScript
Technologies:
Not Technology-Specific, ICS/OT, AI/ML
https://github.com/FoundationAgents/MetaGPT/
https://github.com/FoundationAgents/MetaGPT/issues/2038
https://vuldb.com/cve/CVE-2026-10566
https://vuldb.com/submit/828301
https://vuldb.com/vuln/367673
https://vuldb.com/vuln/367673/cti