WRITEUP WORKING POC
Exploit for CVE-2026-2256 - ModelScope ms-agent <v1.6.0rc1 - Command Injection
AI Analysis

This repository contains a functional proof-of-concept exploit for CVE-2026-2256, demonstrating a command injection vulnerability in the MS-Agent framework's Shell tool. The PoC bypasses the `check_safe()` function to execute arbitrary commands, including establishing a reverse shell.

Attack Type: RCE
Complexity: moderate
Reliability: reliable
MITRE ATT&CK:
T1190 - Exploit Public-Facing Application
T1059 - Command and Scripting Interpreter
T1203 - Exploitation for Client Execution

Source
Platform: Writeup
Type: poc
Files: 3
Authors: Itamar Yochpaz

Vulnerability
CVE-2026-2256: ModelScope ms-agent <v1.6.0rc1 - Command Injection
Severity: MEDIUM (CVSS 6.5)