CVE-2026-6603 | modelscope agentscope up to 1.0.18 _python.py execute_python_code/execute_shell_command code injection

Inserito da Angelo Barbosa | Apr 19, 2026 | CVE

A vulnerability was found in modelscope agentscope up to 1.0.18. It has been classified as critical. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes code injection.

This vulnerability is tracked as CVE-2026-6603. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6603 | modelscope agentscope up to 1.0.18 _python.py execute_python_code/execute_shell_command code injection

Post correlati

CVE-2024-12952 | melMass comfy_mtb up to 0.1.4 Dependency comfy_mtb/endpoint.py run_command code injection

CVE-2023-6638 | GTG Product Feed for Shopping Plugin up to 1.2.4 on WordPress Setting authorization

CVE-2024-7492 | MainWP Child Reports Plugin up to 2.2 on WordPress Options Update cross-site request forgery

CVE-2025-21101 | Dell Display Manager up to 2.3.2.19 Installation race condition (dsa-2025-033)