Fixed Intel

CVE-2026-2256

Medium
CVSS 6.5PoC Available

Description

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.

CVSS Score

6.5/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Weakness Classification (CWE)

CWE-77Command InjectionMITRE

Known Exploits

POC
https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoCgithub-poc

Related Articles (1)

Industry News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

Mar 9, 2026

References (5)

https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoCcret@cert.orghttps://github.com/modelscope/ms-agentcret@cert.orghttps://medium.com/@itamar.yochpaz/cve-2026-2256-from-ai-prompt-to-full-system-compromise-a4114c718326cret@cert.orghttps://www.hiddenlayer.com/research/indirect-prompt-injection-of-claude-computer-usecret@cert.orghttps://www.kb.cert.org/vuls/id/431821af854a3a-2127-422b-91ae-364da2661108

Risk Assessment

ELEVATED
Known exploit

Details

Severity
Medium
CVSS
6.5
CWE
CWE-77
Exploit
POC
CISA KEV
No
Articles
1

Timeline

Published

Mar 2, 2026

External Links

NVD (NIST)CVE DetailsMITRE CVE