5 matches found
MS-Agent vulnerable to Command Injection
A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...
CVE-2026-2256
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...
CVE-2026-2256
Summary: CVE-2026-2256 affects ModelScope’s ms-agent up to version v1.6.0rc1. The root cause is improper input sanitization in the Shell tool, where a regex-based blacklist can be bypassed, enabling an attacker to run arbitrary OS commands via crafted prompt-derived input. This can lead to full s...
EUVD-2026-9257
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...
CVE-2026-2256
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...