CVE-2026-2256 - Vulnerability Analysis
Medium
CVSS: 6.5
Last Updated: March 3, 2026
ModelScope ms-agent - Command Injection
Overview
ModelScope ms-agent <= v1.6.0rc1 contains a command injection vulnerability triggered by crafted prompt-derived input, which lets attackers execute arbitrary operating system commands remotely. Exploitation requires crafted input.
Impact
Attackers can execute arbitrary operating system commands, potentially leading to full system compromise.
Mitigation
Update to the latest version beyond v1.6.0rc1.
References
- https://medium.com/@itamar.yochpaz/cve-2026-2256-from-ai-prompt-to-full-system-compromise-a4114c718326
- https://www.hiddenlayer.com/research/indirect-prompt-injection-of-claude-computer-use
- https://www.kb.cert.org/vuls/id/431821
- https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoC
- https://github.com/modelscope/ms-agent
Social Media Activity (1 post)
Execwall – firewall to stop ModelScope CVE-2026-2256 (AI agent command injectn) CVE-2026-2256 just dropped - a prompt injection in ModelScope's ms-agent allows arbitrary OS command execution.... https://news.ycombinator.com/item?id=47371292 | https://awakari.com/sub-details.html?id=LLMs | https://awakari.com/pub-msg.html?id=LM1LLcb0flHp78GpzsxCqy70ASW&interestId=LLMs
Details
- CVE ID: CVE-2026-2256
- Severity: Medium
- CVSS Score: 6.5
- Type: command_injection
- Status: unconfirmed
- EPSS: 231.2%
- Social Posts: 1
CWE
- CWE-77
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N