Reddit
MS-Agent CVE-2026-2256: Critical AI Framework Vulnerability Allows Full System Hijack via Regex Bypass
A critical vulnerability in Alibaba's ModelScope MS-Agent framework allows attackers to achieve full system compromise through the Shell tool's check_safe() method, which uses regex-based denylist filtering bypassable via command obfuscation, alternative shell syntax, or encoding tricks. Exploitation grants arbitrary command execution with MS-Agent process privileges — enabling API key exfiltration, persistence establishment, lateral movement, and build output injection. The vulnerability was responsibly disclosed March 2, 2026, and the vendor has not responded to CERT/CC coordination efforts.
Source
↳ Follow the thread