CVE-2026-6604

🗓️ 20 Apr 2026 04:15:11Reported by VulDBType

CVE-2026-6604 in modelscope agentscope up to 1.0.18 enables SSRF via image_url or audio_file_url.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2026-6604	20 Apr 202604:15	–	attackerkb
Circl	CVE-2026-6604	20 Apr 202607:15	–	circl
CNNVD	AgentScope 安全漏洞	20 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-6604 modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery	20 Apr 202604:15	–	cvelist
EUVD	EUVD-2026-23773	20 Apr 202606:31	–	euvd
Github Security Blog	AgentScope vulnerable to Server-Side Request Forgery	20 Apr 202606:31	–	github
NVD	CVE-2026-6604	20 Apr 202605:16	–	nvd
OSV	GHSA-659X-HM75-HPV7 AgentScope vulnerable to Server-Side Request Forgery	20 Apr 202606:31	–	osv
Positive Technologies	PT-2026-33710	20 Apr 202600:00	–	ptsecurity
Snyk	Server-side Request Forgery (SSRF)	20 Apr 202606:13	–	snyk

Vulners

Node

modelscope agentscopeMatch1.0.0

modelscope agentscopeMatch1.0.1

modelscope agentscopeMatch1.0.2

modelscope agentscopeMatch1.0.3

modelscope agentscopeMatch1.0.4

modelscope agentscopeMatch1.0.5

modelscope agentscopeMatch1.0.6

modelscope agentscopeMatch1.0.7

modelscope agentscopeMatch1.0.8

modelscope agentscopeMatch1.0.9

modelscope agentscopeMatch1.0.10

modelscope agentscopeMatch1.0.11

modelscope agentscopeMatch1.0.12

modelscope agentscopeMatch1.0.13

modelscope agentscopeMatch1.0.14

modelscope agentscopeMatch1.0.15

modelscope agentscopeMatch1.0.16

modelscope agentscopeMatch1.0.17

modelscope agentscopeMatch1.0.18

[
  {
    "vendor": "modelscope",
    "product": "agentscope",
    "versions": [
      {
        "version": "1.0.0",
        "status": "affected"
      },
      {
        "version": "1.0.1",
        "status": "affected"
      },
      {
        "version": "1.0.2",
        "status": "affected"
      },
      {
        "version": "1.0.3",
        "status": "affected"
      },
      {
        "version": "1.0.4",
        "status": "affected"
      },
      {
        "version": "1.0.5",
        "status": "affected"
      },
      {
        "version": "1.0.6",
        "status": "affected"
      },
      {
        "version": "1.0.7",
        "status": "affected"
      },
      {
        "version": "1.0.8",
        "status": "affected"
      },
      {
        "version": "1.0.9",
        "status": "affected"
      },
      {
        "version": "1.0.10",
        "status": "affected"
      },
      {
        "version": "1.0.11",
        "status": "affected"
      },
      {
        "version": "1.0.12",
        "status": "affected"
      },
      {
        "version": "1.0.13",
        "status": "affected"
      },
      {
        "version": "1.0.14",
        "status": "affected"
      },
      {
        "version": "1.0.15",
        "status": "affected"
      },
      {
        "version": "1.0.16",
        "status": "affected"
      },
      {
        "version": "1.0.17",
        "status": "affected"
      },
      {
        "version": "1.0.18",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:modelscope:agentscope:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Cloud Metadata Endpoint"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/358239/cti
vuldb	www.vuldb.com/vuln/358239
vuldb	www.vuldb.com/submit/792224
gist	www.gist.github.com/YLChen-007/e3e0741b297d8c2ffca59b6350d4c657

29 Apr 2026 01:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 46.9

CVSS 3.17.3

CVSS 27.5

CVSS 37.3

EPSS0.00054

SSVC

CWE-918