CVE-2026-6605

🗓️ 20 Apr 2026 04:30:13Reported by VulDBType

Server-side forgery in modelscope agentscope 1.0.18 via get_bytes_from_web_url, exploitable remotely.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2026-6605	20 Apr 202604:30	–	attackerkb
Circl	CVE-2026-6605	20 Apr 202607:15	–	circl
CNNVD	AgentScope 安全漏洞	20 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-6605 modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery	20 Apr 202604:30	–	cvelist
EUVD	EUVD-2026-23774	20 Apr 202606:31	–	euvd
Github Security Blog	AgentScope vulnerable to Server-Side Request Forgery	20 Apr 202606:31	–	github
NVD	CVE-2026-6605	20 Apr 202605:16	–	nvd
OSV	GHSA-8GGF-R3VM-P3JC AgentScope vulnerable to Server-Side Request Forgery	20 Apr 202606:31	–	osv
Positive Technologies	PT-2026-33711	20 Apr 202600:00	–	ptsecurity
Snyk	Server-side Request Forgery (SSRF)	20 Apr 202606:13	–	snyk

Vulners

Node

modelscope agentscopeMatch1.0.0

modelscope agentscopeMatch1.0.1

modelscope agentscopeMatch1.0.2

modelscope agentscopeMatch1.0.3

modelscope agentscopeMatch1.0.4

modelscope agentscopeMatch1.0.5

modelscope agentscopeMatch1.0.6

modelscope agentscopeMatch1.0.7

modelscope agentscopeMatch1.0.8

modelscope agentscopeMatch1.0.9

modelscope agentscopeMatch1.0.10

modelscope agentscopeMatch1.0.11

modelscope agentscopeMatch1.0.12

modelscope agentscopeMatch1.0.13

modelscope agentscopeMatch1.0.14

modelscope agentscopeMatch1.0.15

modelscope agentscopeMatch1.0.16

modelscope agentscopeMatch1.0.17

modelscope agentscopeMatch1.0.18

[
  {
    "vendor": "modelscope",
    "product": "agentscope",
    "versions": [
      {
        "version": "1.0.0",
        "status": "affected"
      },
      {
        "version": "1.0.1",
        "status": "affected"
      },
      {
        "version": "1.0.2",
        "status": "affected"
      },
      {
        "version": "1.0.3",
        "status": "affected"
      },
      {
        "version": "1.0.4",
        "status": "affected"
      },
      {
        "version": "1.0.5",
        "status": "affected"
      },
      {
        "version": "1.0.6",
        "status": "affected"
      },
      {
        "version": "1.0.7",
        "status": "affected"
      },
      {
        "version": "1.0.8",
        "status": "affected"
      },
      {
        "version": "1.0.9",
        "status": "affected"
      },
      {
        "version": "1.0.10",
        "status": "affected"
      },
      {
        "version": "1.0.11",
        "status": "affected"
      },
      {
        "version": "1.0.12",
        "status": "affected"
      },
      {
        "version": "1.0.13",
        "status": "affected"
      },
      {
        "version": "1.0.14",
        "status": "affected"
      },
      {
        "version": "1.0.15",
        "status": "affected"
      },
      {
        "version": "1.0.16",
        "status": "affected"
      },
      {
        "version": "1.0.17",
        "status": "affected"
      },
      {
        "version": "1.0.18",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:modelscope:agentscope:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Internal Service"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/358240/cti
gist	www.gist.github.com/YLChen-007/ced2d438ae79a5a11cea663c1ba2c954
vuldb	www.vuldb.com/submit/792225
vuldb	www.vuldb.com/vuln/358240

29 Apr 2026 01:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 46.9

CVSS 3.17.3

CVSS 27.5

CVSS 37.3

EPSS0.00054

SSVC

CWE-918