ModelScope AgentScope Hit by Critical SSRF Vulnerability
A severe Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2026-6605, has been uncovered in ModelScope AgentScope versions up to 1.0.18. According to the National Vulnerability Database, the flaw resides in the _get_bytes_from_web_url function within src/agentscope/_utils/_common.py, part of the Internal Service component. This allows remote attackers to manipulate requests, leading to SSRF.
The CVSSv3.1 score for this vulnerability is 7.3 (High), indicating a significant risk. Crucially, an exploit for CVE-2026-6605 has been publicly released, making it an immediate threat for unpatched systems. The National Vulnerability Database also notes that the vendor did not respond to early disclosure attempts, leaving users in a precarious position.
SSRF vulnerabilities are particularly dangerous as they enable attackers to force the server to make requests to internal resources or external services, potentially exposing sensitive data, bypassing firewalls, or even leading to remote code execution in some configurations. The public exploit availability means defenders must act swiftly to mitigate this risk.
What This Means For You
- If your organization uses ModelScope AgentScope, you are directly exposed. Immediately identify all instances running versions up to 1.0.18. The advisory mentions no patch, so network segmentation and strict egress filtering are critical to limit the blast radius if an attacker exploits this SSRF. Audit any systems that interact with AgentScope for unusual outbound connections.
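The flaw sits in a helper that fetches bytes from a web URL, so the application-level control that complements egress filtering is vetting the URL before the server connects to it. The following is an added example written for this page, not AgentScope's own code and not a description of how its `_get_bytes_from_web_url` behaves: a hypothetical pre-fetch guard that rejects non-HTTP schemes and embedded credentials, resolves the hostname, checks every returned address (including IPv4-mapped IPv6 forms) against loopback, private, link-local, reserved and multicast ranges, and returns a pinned IP so the caller can connect to the vetted address rather than re-resolving the name. The DNS table and hostnames are constructed so it runs offline.

```python
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List
from urllib.parse import urlparse

# Destinations a fetcher acting on an untrusted URL must never reach: loopback,
# RFC 1918, CGNAT, link-local (which contains the 169.254.169.254 cloud metadata
# address), reserved and multicast space, plus the IPv6 analogues.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]
ALLOWED_SCHEMES = {"http", "https"}
Resolver = Callable[[str], List[str]]  # hostname -> list of IP literals


def is_blocked_ip(ip_text: str) -> bool:
    """True when the address literal lies in a blocked range. IPv4-mapped IPv6
    forms such as ::ffff:10.0.0.1 are unwrapped so they cannot slip past the
    IPv4 entries."""
    addr = ipaddress.ip_address(ip_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def _is_ip_literal(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def system_resolver(host: str) -> List[str]:
    """Default resolver: every A/AAAA answer the OS returns. Unusual spellings
    of a literal (e.g. a single decimal number) are normalised by the OS on most
    platforms, which is why the answers, not the input string, get checked."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


@dataclass(frozen=True)
class VettedTarget:
    scheme: str
    host: str
    port: int
    pinned_ip: str  # connect here and send Host: <host>; no second lookup to rebind


def vet_url(url: str, resolver: Resolver = system_resolver) -> VettedTarget:
    """Check an untrusted URL before a server-side fetch. Raises ValueError with
    the reason if it must not be fetched. Re-run on every redirect hop."""
    parts = urlparse(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # lowercased, IPv6 brackets stripped
    if not host:
        raise ValueError("URL has no host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials embedded in URL are not allowed")
    port = parts.port or (443 if scheme == "https" else 80)

    if _is_ip_literal(host):
        candidates = [host]            # literal address: check it directly
    else:
        candidates = resolver(host)    # hostname: check *every* answer
        if not candidates:
            raise ValueError(f"{host} did not resolve")
    for ip in candidates:
        if is_blocked_ip(ip):
            raise ValueError(f"{host} resolves to blocked address {ip}")
    return VettedTarget(scheme, host, port, candidates[0])


def is_fetch_allowed(url: str, resolver: Resolver = system_resolver) -> bool:
    """Boolean wrapper for callers that only need a verdict."""
    try:
        vet_url(url, resolver)
        return True
    except ValueError:
        return False


# Constructed DNS table so the example runs offline; these are not real hosts.
DEMO_DNS: Dict[str, List[str]] = {
    "public.example": ["203.0.113.10"],
    "internal.example": ["10.1.2.3"],
    "split.example": ["203.0.113.10", "127.0.0.1"],  # one public, one loopback answer
}


def demo_resolver(host: str) -> List[str]:
    return DEMO_DNS.get(host, [])


if __name__ == "__main__":
    for candidate in (
        "https://public.example/model.bin",
        "http://internal.example/",
        "http://split.example/",
        "http://127.0.0.1:8000/admin",
        "http://169.254.169.254/",
        "http://[::ffff:10.0.0.1]/",
        "file:///etc/passwd",
    ):
        try:
            print("ALLOW", candidate, "->", vet_url(candidate, demo_resolver).pinned_ip)
        except ValueError as err:
            print("BLOCK", candidate, "->", err)
```

Two design points matter in practice: the guard rejects a name if any of its answers is blocked (a split answer set is how a rebinding or round-robin trick gets one request through), and the returned `pinned_ip` is what the HTTP client should connect to, so the check and the connection cannot see different DNS results. Redirects must pass through the same guard on each hop, and in a hardened deployment this sits behind, not instead of, the egress filtering recommended above.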
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6605 | SSRF | modelscope agentscope up to 1.0.18 |
| CVE-2026-6605 | SSRF | src/agentscope/_utils/_common.py:_get_bytes_from_web_url |
| CVE-2026-6605 | SSRF | Component: Internal Service |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 20, 2026 at 08:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.