CVE-2026-6603

| EUVD-2026-23770 MEDIUM
Code Injection (CWE-94)
2026-04-20 VulDB GHSA-cr24-fv3h-8cjm
RCE Code Injection
6.9
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Apr 20, 2026 - 05:26 vuln.today
Severity Changed
Apr 20, 2026 - 05:22 NVD
HIGH MEDIUM
CVSS changed
Apr 20, 2026 - 05:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)

DescriptionNVD

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes code injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote code execution in ModelScope AgentScope up to version 1.0.18 allows unauthenticated network attackers to inject and execute arbitrary Python code or shell commands through the execute_python_code and execute_shell_command functions in src/AgentScope/tool/_coding/_python.py. Publicly available exploit code exists, and the vendor has not responded to early disclosure notifications, leaving all versions up to 1.0.18 unpatched and actively exploitable.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-6603 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy