1. Home
  2. Vulnerabilities
  3. CVE-2026-2256
6.5
MEDIUM CVSS 3.1
CVE-2026-2256
Command injection vulnerability in ModelScope's ms-agent
Overview
Description

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.

Details
INFO

Published Date :

March 2, 2026, 9:16 p.m.

Last Modified :

March 3, 2026, 9:52 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Impact
Affected Products

The following products are affected by CVE-2026-2256 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM 134c704f-9b21-4f2e-91b3-4a467353bcc0
Solution
Update ms-agent to version 1.6.0rc2 or later to fix command injection.
  • Upgrade ms-agent to a non-vulnerable version.
  • Sanitize all user-supplied input.
  • Validate input against expected formats.
Public PoC/Exploit Available at Github

CVE-2026-2256 has a 3 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-2256.

URL Resource
https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoC
https://github.com/modelscope/ms-agent
https://medium.com/@itamar.yochpaz/cve-2026-2256-from-ai-prompt-to-full-system-compromise-a4114c718326
https://www.hiddenlayer.com/research/indirect-prompt-injection-of-claude-computer-use
https://www.kb.cert.org/vuls/id/431821
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-2256 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-2256 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
brandonwise/agentwise

🛡️ Security scanner for AI agents. Finds vulnerabilities in MCP servers, agent configs, and tool setups. Written in Rust.

Shell Rust Python HTML

Updated: 3 days, 18 hours ago
2 stars 0 fork 0 watcher
Born at : March 14, 2026, 1:23 a.m. This repo has been linked 5 different CVEs too.
Profile Photo
koatora20/guard-scanner

🛡️ Agent Security Scanner — 364 patterns, 35 threat categories, 27 runtime checks. Zero-Trust policy layer for MCP/A2A agents.

ai-agent code-scanning mcp openclaw prompt-injection security

TypeScript JavaScript Rust

Updated: 5 days, 6 hours ago
2 stars 0 fork 0 watcher
Born at : Feb. 16, 2026, 11:43 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
nomi-sec/PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 1 day, 8 hours ago
7589 stars 1242 fork 1242 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 778 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-2256 vulnerability anywhere in the article.

  • Daily CyberSecurity
The Weekly Breach: 7 Maximum CVSS Flaws and the DarkSword Exploit Unveiled

The past seven days have been an exceptionally busy period for cybersecurity defenders. Between March 16 and March 23, a staggering 1,348 new vulnerabilities were identified and logged. While the shee ... Read more

Published Date: Mar 23, 2026 (6 hours, 29 minutes ago)
  • Daily CyberSecurity
Critical RCE Vulnerabilities Uncovered in Janitza and Weidmueller Energy Meters

Energy management systems are under the microscope following a security advisory from CERT@VDE, which reveals multiple critical vulnerabilities in Janitza and Weidmueller devices. These flaws, if expl ... Read more

Published Date: Mar 11, 2026 (1 week, 5 days ago)
  • Daily CyberSecurity
The ‘Must-Patch’ List: CISA Adds Actively Exploited SolarWinds, Ivanti, and Omnissa Flaws to KEV

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding three high-stakes flaws that are currently being leveraged by malicio ... Read more

Published Date: Mar 10, 2026 (1 week, 5 days ago)
  • Daily CyberSecurity
Critical Alert: SAP’s Latest Security Update Fixes 9.8 CVSS RCE and Deserialization Flaws

Today, 2026, SAP released its monthly security patch update, addressing 15 new security notes across its product ecosystem. This month’s update is particularly significant, featuring two Critical prio ... Read more

Published Date: Mar 10, 2026 (1 week, 6 days ago)
  • Daily CyberSecurity
Critical 9.8 CVSS Flaws Expose SICK Lector Scanners to Hijacking

In a significant update for the industrial automation sector, SICK PSIRT has issued a high-priority security advisory regarding two critical vulnerabilities affecting the Lector85x and Lector83x produ ... Read more

Published Date: Mar 10, 2026 (1 week, 6 days ago)
  • Daily CyberSecurity
Critical 9.3 CVSS Flaw in Gogs Turns Repositories into Malware Delivery Vectors

The Gogs project, a popular self-hosted Git service prized for its simplicity and painless setup, has been hit by a critical security flaw that could turn trusted repositories into delivery vectors fo ... Read more

Published Date: Mar 10, 2026 (1 week, 6 days ago)
  • Daily CyberSecurity
Critical Request Smuggling & Cache Flaws Discovered in Cloudflare’s Pingora

Security researchers have disclosed three significant vulnerabilities in Pingora, the high-performance Rust framework developed by Cloudflare to build programmable network services. While Rust is cele ... Read more

Published Date: Mar 10, 2026 (1 week, 6 days ago)
  • Daily CyberSecurity
Escalation in the Shadows: Iranian APT Seedworm Deploys ‘Dindoor’ Backdoor in New Cyberoffensive

As geopolitical tensions escalate in the Middle East, the digital battlefield is seeing a parallel surge in activity. The Threat Hunter Team has released a critical report documenting a spike in cyber ... Read more

Published Date: Mar 09, 2026 (2 weeks ago)
  • Daily CyberSecurity
Critical 9.4 CVSS Zephyr RTOS Flaw Exposes Millions of IoT Devices to RCE

Security researchers have disclosed a critical memory-safety vulnerability in the Zephyr Project, a high-profile, scalable real-time operating system (RTOS) designed for resource-constrained IoT devic ... Read more

Published Date: Mar 09, 2026 (2 weeks ago)
  • Daily CyberSecurity
Vault Unlocked: High-Severity Flaws in Vaultwarden Expose Encrypted Secrets and Allow Privilege Escalation

Security researchers have identified a series of critical vulnerabilities in Vaultwarden, the popular lightweight, self-hosted alternative to the Bitwarden API. The flaws range from unauthorized privi ... Read more

Published Date: Mar 09, 2026 (2 weeks ago)
  • Daily CyberSecurity
Critical 9.3 CVSS Flaw in SiYuan Lets Hackers Steal Private Notes via SVG Injection

Security researchers have disclosed a high-severity vulnerability in SiYuan, the popular privacy-first personal knowledge management system. The flaw, tracked as CVE-2026-29183 with a CVSS score of 9. ... Read more

Published Date: Mar 09, 2026 (2 weeks ago)
  • Daily CyberSecurity
Critical Bypasses and Secret Leaks Patched in Apache ZooKeeper

The Apache Software Foundation has released an urgent security update for Apache ZooKeeper, the mission-critical service used by thousands of distributed applications for configuration, naming, and sy ... Read more

Published Date: Mar 09, 2026 (2 weeks ago)
  • Daily CyberSecurity
1-Click to Compromise: Critical 9.3 CVSS Flaw in ZITADEL Exposes Accounts to Full Takeover

Security researchers have disclosed a high-severity vulnerability in ZITADEL, the popular open-source identity and access management (IAM) platform. The flaw, tracked as CVE-2026-29191 with a CVSS sco ... Read more

Published Date: Mar 09, 2026 (2 weeks ago)
  • Daily CyberSecurity
Unauthenticated Nginx UI Flaw Leaks Decryption Keys and Server Secrets

Security researchers have uncovered a critical vulnerabilities in Nginx UI, a popular web-based interface used to manage and monitor Nginx server clusters. The flaw, tracked as CVE-2026-27944 with a m ... Read more

Published Date: Mar 08, 2026 (2 weeks, 1 day ago)
  • Daily CyberSecurity
Exposed in Plain Sight: Critical Privacy Flaw Defeats Viber’s Anti-Censorship ‘Cloak’ Mode

The CERT Coordination Center (CERT/CC) has issued a vulnerability note regarding a significant privacy flaw in Rakuten Viber, one of the world’s most popular messaging and VoIP applications. The vulne ... Read more

Published Date: Mar 06, 2026 (2 weeks, 3 days ago)
  • Daily CyberSecurity
Eyes on the Front: Iranian Threat Actors Weaponize IP Cameras in Middle East Conflict

As modern warfare increasingly moves into the digital realm, a new report from Check Point Research (CPR) reveals how cyber operations are being used as a “force multiplier” for kinetic military actio ... Read more

Published Date: Mar 06, 2026 (2 weeks, 3 days ago)
  • Daily CyberSecurity
Cracking the Cloud’s Crypto: Unauthenticated Bypass Flaws Found in Amazon’s AWS-LC Library

Cybersecurity researchers have identified three significant vulnerabilities in AWS-LC, Amazon’s open-source cryptographic library used extensively across its cloud infrastructure and global services. ... Read more

Published Date: Mar 06, 2026 (2 weeks, 3 days ago)
  • Daily CyberSecurity
Weaponized in the Wild: Public PoC Exploit Disclosed for Critical 10.0 Cisco SD-WAN Flaw

The cybersecurity landscape has shifted into high gear following the public disclosure of a critical authentication bypass in Cisco Catalyst SD-WAN. The vulnerability, tracked as CVE-2026-20127, carri ... Read more

Published Date: Mar 05, 2026 (2 weeks, 3 days ago)
  • Daily CyberSecurity
Integer Overflow Flaw in Apache ActiveMQ Exposes MQTT Brokers to DoS

The Apache Software Foundation has released a security update for Apache ActiveMQ, addressing a significant integer overflow vulnerability in its MQTT transport connector. The flaw, tracked as CVE-202 ... Read more

Published Date: Mar 05, 2026 (2 weeks, 3 days ago)
  • Daily CyberSecurity
Under Attack: Cisco Urges Immediate Action as Hackers Actively Exploit SD-WAN Manager Flaws

Cisco has issued an urgent update to its security advisory, warning that two vulnerabilities in the Cisco Catalyst SD-WAN Manager are now being actively exploited by hackers in the wild. The vulnerabi ... Read more

Published Date: Mar 05, 2026 (2 weeks, 4 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-2256 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Mar. 03, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    Added CWE CWE-77
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Mar. 02, 2026

    Action Type Old Value New Value
    Added Reference https://www.kb.cert.org/vuls/id/431821
  • New CVE Received by [email protected]

    Mar. 02, 2026

    Action Type Old Value New Value
    Added Description A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
    Added Reference https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoC
    Added Reference https://github.com/modelscope/ms-agent
    Added Reference https://medium.com/@itamar.yochpaz/cve-2026-2256-from-ai-prompt-to-full-system-compromise-a4114c718326
    Added Reference https://www.hiddenlayer.com/research/indirect-prompt-injection-of-claude-computer-use
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 6.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact