CVE-2026-2256
Command injection vulnerability in ModelScope's ms-agent
Description
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
INFO
- Published Date: March 2, 2026, 9:16 p.m.
- Last Modified: March 3, 2026, 9:52 p.m.
- Remotely Exploitable: Yes
- Source: [email protected]
Affected Products
The following products are affected by the CVE-2026-2256 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
No affected product recorded yet
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 3.1 | MEDIUM | | | | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Upgrade ms-agent to a non-vulnerable version.
- Sanitize all user-supplied input.
- Validate input against expected formats.
Public PoC/Exploit Available at Github
CVE-2026-2256 has 2 public PoCs/exploits available on GitHub.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-2256.
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-2256 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-2256 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by the most recently updated).
🛡️ Agent Skill Security Scanner — 352 patterns, 32 threat categories, Runtime Guard hook. Zero-Trust security policy layer for MCP/A2A agents.
TypeScript JavaScript
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2026-2256 vulnerability anywhere in the article.
- Daily CyberSecurity
  Escalation in the Shadows: Iranian APT Seedworm Deploys ‘Dindoor’ Backdoor in New Cyberoffensive
  As geopolitical tensions escalate in the Middle East, the digital battlefield is seeing a parallel surge in activity. The Threat Hunter Team has released a critical report documenting a spike in cyber ...
- Daily CyberSecurity
  Critical 9.4 CVSS Zephyr RTOS Flaw Exposes Millions of IoT Devices to RCE
  Security researchers have disclosed a critical memory-safety vulnerability in the Zephyr Project, a high-profile, scalable real-time operating system (RTOS) designed for resource-constrained IoT devic ...
- Daily CyberSecurity
  Vault Unlocked: High-Severity Flaws in Vaultwarden Expose Encrypted Secrets and Allow Privilege Escalation
  Security researchers have identified a series of critical vulnerabilities in Vaultwarden, the popular lightweight, self-hosted alternative to the Bitwarden API. The flaws range from unauthorized privi ...
- Daily CyberSecurity
  Critical 9.3 CVSS Flaw in SiYuan Lets Hackers Steal Private Notes via SVG Injection
  Security researchers have disclosed a high-severity vulnerability in SiYuan, the popular privacy-first personal knowledge management system. The flaw, tracked as CVE-2026-29183 with a CVSS score of 9. ...
- Daily CyberSecurity
  Critical Bypasses and Secret Leaks Patched in Apache ZooKeeper
  The Apache Software Foundation has released an urgent security update for Apache ZooKeeper, the mission-critical service used by thousands of distributed applications for configuration, naming, and sy ...
- Daily CyberSecurity
  1-Click to Compromise: Critical 9.3 CVSS Flaw in ZITADEL Exposes Accounts to Full Takeover
  Security researchers have disclosed a high-severity vulnerability in ZITADEL, the popular open-source identity and access management (IAM) platform. The flaw, tracked as CVE-2026-29191 with a CVSS sco ...
- Daily CyberSecurity
  Unauthenticated Nginx UI Flaw Leaks Decryption Keys and Server Secrets
  Security researchers have uncovered a critical vulnerability in Nginx UI, a popular web-based interface used to manage and monitor Nginx server clusters. The flaw, tracked as CVE-2026-27944 with a m ...
- Daily CyberSecurity
  Exposed in Plain Sight: Critical Privacy Flaw Defeats Viber’s Anti-Censorship ‘Cloak’ Mode
  The CERT Coordination Center (CERT/CC) has issued a vulnerability note regarding a significant privacy flaw in Rakuten Viber, one of the world’s most popular messaging and VoIP applications. The vulne ...
- Daily CyberSecurity
  Eyes on the Front: Iranian Threat Actors Weaponize IP Cameras in Middle East Conflict
  As modern warfare increasingly moves into the digital realm, a new report from Check Point Research (CPR) reveals how cyber operations are being used as a “force multiplier” for kinetic military actio ...
- Daily CyberSecurity
  Cracking the Cloud’s Crypto: Unauthenticated Bypass Flaws Found in Amazon’s AWS-LC Library
  Cybersecurity researchers have identified three significant vulnerabilities in AWS-LC, Amazon’s open-source cryptographic library used extensively across its cloud infrastructure and global services. ...
- Daily CyberSecurity
  Weaponized in the Wild: Public PoC Exploit Disclosed for Critical 10.0 Cisco SD-WAN Flaw
  The cybersecurity landscape has shifted into high gear following the public disclosure of a critical authentication bypass in Cisco Catalyst SD-WAN. The vulnerability, tracked as CVE-2026-20127, carri ...
- Daily CyberSecurity
  Integer Overflow Flaw in Apache ActiveMQ Exposes MQTT Brokers to DoS
  The Apache Software Foundation has released a security update for Apache ActiveMQ, addressing a significant integer overflow vulnerability in its MQTT transport connector. The flaw, tracked as CVE-202 ...
- Daily CyberSecurity
  Under Attack: Cisco Urges Immediate Action as Hackers Actively Exploit SD-WAN Manager Flaws
  Cisco has issued an urgent update to its security advisory, warning that two vulnerabilities in the Cisco Catalyst SD-WAN Manager are now being actively exploited by hackers in the wild. The vulnerabi ...
- Daily CyberSecurity
  Root Access for All: Critical Auth Bypass Hits Cisco Firewall Management Center
  Cybersecurity authorities are sounding the alarm on a critical vulnerability in the Cisco Secure Firewall Management Center (FMC). The flaw, tracked as CVE-2026-20079, has been assigned a maximum CVSS ...
- Daily CyberSecurity
  Critical 10.0 CVSS Flaw in pac4j-jwt Lets Hackers Forge Admin Tokens
  Cybersecurity researchers have uncovered a critical vulnerability in pac4j-jwt, a popular Java-based library used to secure thousands of applications through JSON Web Tokens (JWT). The flaw, tracked a ...
- Daily CyberSecurity
  Update Chrome Now: Google Patches 3 Critical Flaws and 7 High-Risk Vulnerabilities
  Google has released an urgent update for the Chrome Stable channel, addressing 10 security vulnerabilities, including three rated as “Critical” and seven rated as “High” severity. The update is rollin ...
- Daily CyberSecurity
  Critical 10.0 CVSS Flaw in Cisco Secure FMC Hands Hackers Root Access to Enterprise Firewalls
  Cybersecurity researchers have identified a critical vulnerability in Cisco Secure Firewall Management Center (FMC) Software, the administrative “nerve center” used to manage unified security policies ...
- Daily CyberSecurity
  CVSS 10.0 Unauthenticated Remote Code Execution in FreeScout (Public Proof-of-Concept Disclosed)
  Security researchers have uncovered a maximum-score vulnerability in FreeScout, the popular open-source help desk and shared inbox platform. The flaw, tracked as CVE-2026-28289, carries a CVSS score o ...
- Daily CyberSecurity
  Critical Infrastructure Alert: Unauthenticated Flaw in Labkotec Ice Detectors Could Freeze Operations
  Cybersecurity authorities have issued a stark warning regarding a critical vulnerability in Labkotec’s LID-3300IP, a widely deployed ice detection system integral to the safety and efficiency of wind ...
- Daily CyberSecurity
  Coruna: The High-Powered iOS Exploit Kit Proliferating Across the Global Threat Landscape
  Coruna iOS exploit kit timeline The Google Threat Intelligence Group (GTIG) has detailed the curtain on “Coruna,” a formidable iOS exploit kit that has transitioned from the hands of commercial survei ...
The following table lists the changes that have been made to the CVE-2026-2256 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0, Mar. 03, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| Added | CWE | | CWE-77 |

- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Mar. 02, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | | https://www.kb.cert.org/vuls/id/431821 |

- New CVE Received by [email protected], Mar. 02, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input. |
| Added | Reference | | https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoC |
| Added | Reference | | https://github.com/modelscope/ms-agent |
| Added | Reference | | https://medium.com/@itamar.yochpaz/cve-2026-2256-from-ai-prompt-to-full-system-compromise-a4114c718326 |
| Added | Reference | | https://www.hiddenlayer.com/research/indirect-prompt-injection-of-claude-computer-use |