MS-Agent vulnerable to Command Injection

A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...

GHSA-4GC2-344Q-R2RW MS-Agent vulnerable to Command Injection

A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...

EUVD-2026-9257

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...

CVE-2026-2256

Summary: CVE-2026-2256 affects ModelScope’s ms-agent up to version v1.6.0rc1. The root cause is improper input sanitization in the Shell tool, where a regex-based blacklist can be bypassed, enabling an attacker to run arbitrary OS commands via crafted prompt-derived input. This can lead to full s...

MS-Agent 安全漏洞

MS-Agent is an open-source personal assistant framework developed by ModelScope. Versions of MS-Agent prior to v1.6.0rc1 contained security vulnerabilities. These vulnerabilities stemmed from specially crafted prompt inputs that could lead to command injection, allowing execution of arbitrary...

PT-2026-22697

Name of the Vulnerable Software and Affected Versions ModelScope ms-agent versions prior to v1.6.0rc1 Description A command injection issue exists in the Shell tool of the MS-Agent framework due to improper input sanitization. The regular expression-based blacklist used to filter harmful commands...

CVE-2006-2041

PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...