Description

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.

INFO

Published Date :

2026-03-02T20:09:11.808Z

Last Modified :

2026-03-02T21:10:07.108Z

Source :

certcc
AFFECTED PRODUCTS

The following products are affected by CVE-2026-2256 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2256.

URL Resource
https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoC cve-icon cve-icon
https://github.com/modelscope/ms-agent cve-icon cve-icon
https://medium.com/@itamar.yochpaz/cve-2026-2256-from-ai-prompt-to-full-system-compromise-a4114c718326 cve-icon cve-icon
https://www.hiddenlayer.com/research/indirect-prompt-injection-of-claude-computer-use cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System