2026-03-02 20:09:11
certcc
PUBLISHED
A command injection vulnerability in ModelScopes ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.