Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2026-2256
CVE-2026-2256
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
Published Mar 3, 2026
https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoC
CVSS Score
High
8.6
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
pypi
ms-agent
0.0.0
pypi
ms-agent
1.0.0
pypi
ms-agent
1.0.0rc0
pypi
ms-agent
1.0.1rc0
pypi
ms-agent
1.1.0
pypi
ms-agent
1.1.1
pypi
ms-agent
1.1.2
pypi
ms-agent
1.2.0
pypi
ms-agent
1.3.0
pypi
ms-agent
1.4.0
pypi
ms-agent
1.5.0
pypi
ms-agent
1.5.1
pypi
ms-agent
1.5.2
pypi
ms-agent
1.6.0rc0
pypi
ms-agent
1.6.0rc1
1-15 of 15
CVE-2026-2256 | Components Impacted | Sonatype Guide | Sonatype Guide
