Exploitation Summary
EIP tracks 3 public exploits for CVE-2026-2256. PoCs published by Itamar-Yochpaz, mruniversity, melbratic.
AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2026-2256, demonstrating a command injection vulnerability in the MS-Agent framework's Shell tool. The PoC bypasses the `check_safe()` function to execute arbitrary commands, including establishing a reverse shell.
Description
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
Exploits (3)
This repository contains a functional proof-of-concept exploit for CVE-2026-2256, demonstrating a command injection vulnerability in the MS-Agent framework's Shell tool. The PoC bypasses the `check_safe()` function to execute arbitrary commands, including establishing a reverse shell.
This repository contains a detailed threat model (ThreatDragon JSON) and README for CVE-2026-2256, which involves arbitrary command execution in ModelScope ms-agent due to bypassing the check_safe() validation function. The threat model outlines the attack chain, trust boundaries, and potential threats, but does not include functional exploit code.
This repository contains a threat model analysis for CVE-2026-2256, detailing how attacker-controlled input bypasses the check_safe() validation function in ModelScope ms-agent, leading to arbitrary command execution. The threat model is structured using STRIDE methodology and includes a diagram of the attack chain.
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N