CVE-2026-10566— FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1203 · Exploitation for Client ExecutionGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10566
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| FoundationAgents | MetaGPT | 0.8.0 | cpe:2.3:a:foundationagents:metagpt:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10566
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10566
请登录查看更多情报信息。
Proof of Concept for CVE-2026-10566 (1)
IV. Related Vulnerabilities
Same product: MetaGPT
- CVE-2026-6111
FoundationAgents MetaGPT common.py decode_image server-side - CVE-2026-6110
FoundationAgents MetaGPT Tree-of-Thought Solver tot.py gener - CVE-2026-6109
FoundationAgents MetaGPT Mineflayer HTTP API index.js evalua - CVE-2026-5974
FoundationAgents MetaGPT terminal.py Bash.run os command inj - CVE-2026-5973
FoundationAgents MetaGPT common.py get_mime_type os command
Same vendor: FoundationAgents
- CVE-2026-6111
FoundationAgents MetaGPT common.py decode_image server-side - CVE-2026-6110
FoundationAgents MetaGPT Tree-of-Thought Solver tot.py gener - CVE-2026-6109
FoundationAgents MetaGPT Mineflayer HTTP API index.js evalua - CVE-2026-5974
FoundationAgents MetaGPT terminal.py Bash.run os command inj - CVE-2026-5973
FoundationAgents MetaGPT common.py get_mime_type os command
Same weakness: CWE-502
- CVE-2026-9330
IBM WebSphere Application Server is affected by remote code - CVE-2026-9319
IBM WebSphere Application Server is affected by a remote cod - CVE-2026-49121
AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE - CVE-2026-10532
Logback deserialization whitelist bypass for Proxy objects - CVE-2026-42359
Apache Airflow: Authenticated RCE via XCom PATCH endpoint —
V. Comments for CVE-2026-10566
No comments yet