Agents
CVE-2026-2256: MS-Agent Shell Tool RCE via Prompt Injection — Vendor Unresponsive, No Patch Available
ModelScope's MS-Agent framework (v1.5.2) has a critical input sanitization flaw in its Shell tool that enables arbitrary command execution through prompt injection. The Shell tool uses a regex-based blacklist — a known unsafe pattern — that attackers bypass by injecting malicious instructions into any data source the agent processes (prompts, documents, logs). Successful exploitation enables reading API keys and secrets, dropping payloads, establishing persistence, and pivoting to internal systems. CERT/CC reports the vendor has not responded to coordination efforts since the March 3, 2026 disclosure.
Source
↳ Follow the thread