Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
1.9
CVE-2026-10566: MetaGPT 0.8.2: Unrestricted Input Can Cause Code Execution
CVE-2026-10566
Summary
A security flaw in MetaGPT's message checking function allows an attacker to execute code on a local system. This could be exploited by anyone with access to the affected version of MetaGPT, and a public exploit is available. Users should update to a fixed version of MetaGPT as soon as possible.
Original title
A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argum...
Original description
A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
4.3
nvd CVSS3.1
5.3
nvd CVSS4.0
1.9
Vulnerability type
CWE-20
Improper Input Validation
CWE-502
Deserialization of Untrusted Data
Published: 2 Jun 2026 · Updated: 2 Jun 2026 · First seen: 2 Jun 2026