13 matches found
Exploit for CVE-2026-2256
CVE-2026-...
MS-Agent vulnerable to Command Injection
A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...
GHSA-4GC2-344Q-R2RW MS-Agent vulnerable to Command Injection
A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...
defense-agent (>=0.1.0 <=0.2.0) potentially affected by CVE-2026-2256 via ms-agent (=1.6.0)
ms-agent PyPI version =1.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on ms-agent and may be impacted: defense-agent =0.1.0, =0.2.0. Source CVEs: CVE-2026-2256. Source advisory: OSV:GHSA-4GC2-344Q-R2RW...
CVE-2026-2256
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...
CVE-2026-2256
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...
CVE-2026-2256 Command injection vulnerability in ModelScope's ms-agent
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...
CVE-2026-2256
Summary: CVE-2026-2256 affects ModelScope’s ms-agent up to version v1.6.0rc1. The root cause is improper input sanitization in the Shell tool, where a regex-based blacklist can be bypassed, enabling an attacker to run arbitrary OS commands via crafted prompt-derived input. This can lead to full s...
Arbitrary Command Injection
Overview: ms-agent is a MS-Agent: Lightweight Framework for Empowering Agents with Autonomous Exploration. Affected versions of this package are vulnerable to Arbitrary Command Injection via the ms-agent process. An attacker can execute arbitrary operating system commands by supplying specially...
EUVD-2026-9257
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...
CVE-2026-2256
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...
MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE
Overview: A command injection vulnerability was identified in the MS-Agent framework that can be triggered through unsanitized prompt-derived input. An attacker can craft untrusted input introduced via a chat prompt or other external content sources, resulting in arbitrary command execution on the...
Exploit for CVE-2026-2256
CVE-2026-2256 PoC. Executive Summary: A critical command in...