CVE-2026-6605

Exploit

EPSS 0.04%
Veröffentlicht 20.04.2026 04:30:13
Zuletzt bearbeitet 20.04.2026 05:16:15
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellermodelscope

≫

Produkt agentscope

Version 1.0.0

Status affected

Version 1.0.1

Status affected

Version 1.0.2

Status affected

Version 1.0.3

Status affected

Version 1.0.4

Status affected

Version 1.0.5

Status affected

Version 1.0.6

Status affected

Version 1.0.7

Status affected

Version 1.0.8

Status affected

Version 1.0.9

Status affected

Version 1.0.10

Status affected

Version 1.0.11

Status affected

Version 1.0.12

Status affected

Version 1.0.13

Status affected

Version 1.0.14

Status affected

Version 1.0.15

Status affected

Version 1.0.16

Status affected

Version 1.0.17

Status affected

Version 1.0.18

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.112

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://vuldb.com/vuln/358240

https://vuldb.com/vuln/358240/cti

https://vuldb.com/submit/792225

https://gist.github.com/YLChen-007/ced2d438ae79a5a11cea663c1ba2c954

https://nvd.nist.gov/vuln/detail/CVE-2026-6605

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-6605

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-6605

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-6605