CVE-2026-6618 langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parseopenaipluginjsontotoolbundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...

CVE-2026-6617 langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery

A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function getapitoolproviderremoteschema of the file api/services/tools/apitoolsmanageservice.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side...

CVE-2026-6616 TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery

A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...

CVE-2026-6616

TransformerOptimus SuperAGI up to version 0.0.14 contains a server-side request forgery in the WebScraperTool’s webpage_extractor.py, affecting functions extract_with_bs4, extract_with_3k, and extract_with_lxml. The issue arises in superagi/helper/webpage_extractor.py and is exploitable remotely;...

CVE-2026-6616

A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...

AgentScope vulnerable to Server-Side Request Forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

GHSA-CRX8-WPV6-JRJ2 AgentScope vulnerable to Server-Side Request Forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

AgentScope vulnerable to Server-Side Request Forgery

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

AgentScope vulnerable to Server-Side Request Forgery

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

Server-side Request Forgery (SSRF)

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the processaudioblock function. An attacker can make unauthorized requests to internal or external systems by supplying crafte...

Server-side Request Forgery (SSRF)

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the parseurl, prepareimage and openaiaudiototext functions. An attacker can access internal resources and potentially exfiltra...

Server-side Request Forgery (SSRF)

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the getbytesfromweburl function. An attacker can access internal resources or sensitive information by sending crafted request...

CVE-2026-6606

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

CVE-2026-6604

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

CVE-2026-6606

Scope: modelscope agentscope

CVE-2026-6606 modelscope agentscope _agent_base.py _process_audio_block server-side request forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

CVE-2026-6605

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

CVE-2026-6605 modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

CVE-2026-6604

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

CVE-2026-6604 modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...