CVE-2026-2256: MS-Agent vulnerable to Command Injection
(updated )
A Command Injection vulnerability in ModelScope’s MS-Agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
References
- github.com/Itamar-Yochpaz/CVE-2026-2256-PoC
- github.com/advisories/GHSA-4gc2-344q-r2rw
- github.com/modelscope/ms-agent
- medium.com/@itamar.yochpaz/cve-2026-2256-from-ai-prompt-to-full-system-compromise-a4114c718326
- nvd.nist.gov/vuln/detail/CVE-2026-2256
- www.hiddenlayer.com/research/indirect-prompt-injection-of-claude-computer-use
- www.kb.cert.org/vuls/id/431821
Code Behaviors & Features
Detect and mitigate CVE-2026-2256 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →