CVE-2026-2256

{"id": "CVE-2026-2256", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2026-03-02T21:16:27.797", "references": [{"url": "https://github.com/Itamar-Yochpaz/CVE-2026-2256-PoC", "source": "cret@cert.org"}, {"url": "https://github.com/modelscope/ms-agent", "source": "cret@cert.org"}, {"url": "https://medium.com/@itamar.yochpaz/cve-2026-2256-from-ai-prompt-to-full-system-compromise-a4114c718326", "source": "cret@cert.org"}, {"url": "https://www.hiddenlayer.com/research/indirect-prompt-injection-of-claude-computer-use", "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/431821", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos existe en las versiones v1.6.0rc1 y anteriores de ms-agent de ModelScope, permitiendo a un atacante ejecutar comandos arbitrarios del sistema operativo a trav\u00e9s de una entrada manipulada derivada de un prompt."}], "lastModified": "2026-03-03T21:52:29.877", "sourceIdentifier": "cret@cert.org"}