CVE-2026-2256 Command injection vulnerability in ModelScope's ms-agent

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...

MS-Agent 安全漏洞

MS-Agent is an open-source personal assistant framework developed by ModelScope. Versions of MS-Agent prior to v1.6.0rc1 contained security vulnerabilities. These vulnerabilities stemmed from specially crafted prompt inputs that could lead to command injection, allowing execution of arbitrary...

PT-2026-22697

Name of the Vulnerable Software and Affected Versions ModelScope ms-agent versions v1.6.0rc1 and earlier Description A command injection flaw exists in ModelScope's ms-agent, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input. The vulnerabilit...

CVE-2024-8550

A Local File Inclusion LFI vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue aris...