CVE-2026-2256
Command injection vulnerability in ModelScope's ms-agent
Description
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
INFO
Published Date :
March 2, 2026, 9:16 p.m.
Last Modified :
March 2, 2026, 10:16 p.m.
Remotely Exploit :
No
Source :
[email protected]
Affected Products
The following products are affected by CVE-2026-2256
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Upgrade ms-agent to a non-vulnerable version.
- Sanitize all user-supplied input.
- Validate input against expected formats.
Public PoC/Exploit Available at Github
CVE-2026-2256 has a 2 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-2256.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-2256 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-2256
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Community reconstruction of the legacy JSON NVD Data Feeds. This project uses and redistributes data from the NVD API but is neither endorsed nor certified by the NVD.
Shell
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-2256 vulnerability anywhere in the article.
-
Daily CyberSecurity
Security Alert: Android March 2026 Update Targets Actively Exploited Zero-Day
Google has released its most substantial security update in years, addressing a total of 129 vulnerabilities in the March 2026 Android Security Bulletin. The massive patch arrives amid warnings that a ... Read more
-
Daily CyberSecurity
CVE-2026-2256: Unpatched Flaw in MS-Agent Lets Hackers Hijack AI Assistants
We are officially entering the era of the “autonomous agent”—smart AI programs that don’t just chat with you, but actually do things on your computer, like organizing files, searching the web, or runn ... Read more
-
Daily CyberSecurity
Beyond the Router: How the Zerobotv9 Botnet is Hijacking Enterprise Automation
According to a recent investigation by the Akamai Security Intelligence and Response Team (SIRT), a notorious malware family known as Zerobot has re-emerged with new tricks. This latest iteration, dub ... Read more
-
Daily CyberSecurity
High-Severity XSS Flaw in Angular i18n Turns Language Files into Backdoors
A newly security flaw was found in the widely used Angular web building platform. Identified as CVE-2026-27970 (and rated as a high-severity 7.6), this vulnerability shows how hackers could easily hid ... Read more
-
Daily CyberSecurity
From Chat App to Dark Web: How Telegram Became the New Hub for Cybercrime
For millions of people around the world, Telegram is a secure and convenient way to chat with friends, follow news channels, or join community groups. However, beneath the surface of everyday messagin ... Read more
-
Daily CyberSecurity
Bridging the Gap: North Korean APT37 Deploys ‘Ruby Jumper’ to Infiltrate Isolated Air-Gapped Networks
In a sophisticated escalation of cyber espionage, the North Korean-linked threat group APT37 (also known as ScarCruft or Ruby Sleet) has been caught deploying a novel toolkit designed to leap over the ... Read more
The following table lists the changes that have been made to the
CVE-2026-2256 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Mar. 02, 2026
Action Type Old Value New Value Added Reference https://www.kb.cert.org/vuls/id/431821 -
New CVE Received by [email protected]
Mar. 02, 2026
Action Type Old Value New Value Added Description A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input. Added Reference https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoC Added Reference https://github.com/modelscope/ms-agent Added Reference https://medium.com/@itamar.yochpaz/cve-2026-2256-from-ai-prompt-to-full-system-compromise-a4114c718326 Added Reference https://www.hiddenlayer.com/research/indirect-prompt-injection-of-claude-computer-use