CVE-2026-2256 PUBLISHED

Command injection vulnerability in ModelScope's ms-agent

Assigner: certcc
Reserved: 09.02.2026 Published: 02.03.2026 Updated: 03.03.2026

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.

Product Status

Vendor	ModelScope
Product	ms-agent
Versions	affected from 0 to v1.6.0rc1 (incl.)

References

https://github.com/modelscope/ms-agent
https://www.hiddenlayer.com/research/indirect-prompt-injection-of-claude-computer-use
https://medium.com/@itamar.yochpaz/cve-2026-2256-from-ai-prompt-to-full-system-compromise-a4114c718326
https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoC

Problem Types

CWE-94 Improper Control of Generation of Code ('Code Injection')