187 matches found
EUVD-2026-23777
A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...
AgentScope vulnerable to Server-Side Request Forgery
A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...
GHSA-CRX8-WPV6-JRJ2 AgentScope vulnerable to Server-Side Request Forgery
A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...
adclaw (>=1.0.0 <=1.0.4), agentscope-runtime (=1.0.5.post1) +13 more potentially affected by CVE-2026-6606 via agentscope (>=0.1.0 <=1.0.18)
agentscope PYPI version =0.1.0, =1.0.0, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =1.1.0, =1.0.2, =0.1.7, =1.0.1, =1.0.0.4, =0.83.0, =0.83.0, =0.116.1 Source cves: CVE-2026-6606 Source advisory: OSV:GHSA-CRX8-WPV6-JRJ2...
adclaw (>=1.0.0 <=1.0.4), agentscope-runtime (=1.0.5.post1) +13 more potentially affected by CVE-2026-6604 via agentscope (>=0.1.0 <=1.0.18)
agentscope PYPI version =0.1.0, =1.0.0, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =1.1.0, =1.0.2, =0.1.7, =1.0.1, =1.0.0.4, =0.83.0, =0.83.0, =0.116.1 Source cves: CVE-2026-6604 Source advisory: OSV:GHSA-659X-HM75-HPV7...
adclaw (>=1.0.0 <=1.0.4), agentscope-runtime (=1.0.5.post1) +13 more potentially affected by CVE-2026-6603 via agentscope (>=0.1.0 <=1.0.18)
agentscope PYPI version =0.1.0, =1.0.0, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =1.1.0, =1.0.2, =0.1.7, =1.0.1, =1.0.0.4, =0.83.0, =0.83.0, =0.116.1 Source cves: CVE-2026-6603 Source advisory: OSV:GHSA-CR24-FV3H-8CJM...
adclaw (>=1.0.0 <=1.0.4), agentscope-runtime (=1.0.5.post1) +13 more potentially affected by CVE-2026-6605 via agentscope (>=0.1.0 <=1.0.18)
agentscope PYPI version =0.1.0, =1.0.0, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =1.1.0, =1.0.2, =0.1.7, =1.0.1, =1.0.0.4, =0.83.0, =0.83.0, =0.116.1 Source cves: CVE-2026-6605 Source advisory: OSV:GHSA-8GGF-R3VM-P3JC...
AgentScope vulnerable to Server-Side Request Forgery
A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...
GHSA-8GGF-R3VM-P3JC AgentScope vulnerable to Server-Side Request Forgery
A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...
AgentScope Vulnerable to Remote Code Injection
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...
EUVD-2026-23770
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...
GHSA-CR24-FV3H-8CJM AgentScope Vulnerable to Remote Code Injection
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...
AgentScope vulnerable to Server-Side Request Forgery
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...
EUVD-2026-23774
A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...
EUVD-2026-23773
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...
GHSA-659X-HM75-HPV7 AgentScope vulnerable to Server-Side Request Forgery
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...
adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2026-6606 via agentscope (>=0.1.0 <=1.0.7)
agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2026-6606 Source advisory: SNYK:PYTHON-AGENTSCOPE-16318346...
Server-side Request Forgery (SSRF)
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the processaudioblock function. An attacker can make unauthorized requests to internal or external systems by supplying crafte...
adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2026-6604 via agentscope (>=0.1.0 <=1.0.7)
agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2026-6604 Source advisory: SNYK:PYTHON-AGENTSCOPE-16318343...
adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2026-6603 via agentscope (>=0.1.0 <=1.0.7)
agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2026-6603 Source advisory: SNYK:PYTHON-AGENTSCOPE-16318344...