Agents
MS-Agent CVE-2026-2256: Prompt Injection Escalates to Full System Compromise via Unsanitized Shell Execution in ModelScope Agent Framework
CVE-2026-2256 (VU#431821) in Alibaba's MS-Agent framework allows attackers to achieve full system compromise through prompt injection that triggers unsanitized shell command execution. The framework's regex-based command blacklist is trivially bypassed, enabling arbitrary OS command execution with agent process privileges. CERT/CC confirmed no vendor patch is available; the vulnerability affects any deployment where agents consume untrusted inputs like documents, logs, or research data.
Source
↳ Follow the thread