Browse all 15 CVE security advisories affecting ModelScope. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ModelScope is an AI platform providing model development and deployment services; 15 CVEs are recorded against it. Its core use case involves creating and sharing machine learning models across various domains. Historically, common vulnerabilities include remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure API endpoints. The platform has faced security incidents related to unauthorized access and data exposure, highlighting risks in its model sharing infrastructure. While it offers extensive AI capabilities, its security track record indicates persistent challenges in securing user-generated content and access controls, requiring ongoing attention to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6606 | modelscope agentscope _agent_base.py _process_audio_block server-side request forgery — agentscope (CWE-918) | 7.3 | High | 2026-04-20 |
| CVE-2026-6605 | modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery — agentscope (CWE-918) | 7.3 | High | 2026-04-20 |
| CVE-2026-6604 | modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery — agentscope (CWE-918) | 7.3 | High | 2026-04-20 |
| CVE-2026-6603 | modelscope agentscope _python.py execute_shell_command code injection — agentscope (CWE-94) | 7.3 | High | 2026-04-20 |
This page lists every published CVE security advisory associated with ModelScope. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.