#input-sanitization

[ follow ]
#cve-2026-2256 #command-injection #ai-agent-security #privilege-escalation #binary-parser
Information security
fromSecurityWeek
6 days ago

Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise

CVE-2026-2256 in ModelScope MS-Agent framework allows arbitrary OS command execution through inadequate input sanitization in the Shell tool using regex-based blacklist filtering.
fromThe Hacker News
1 month ago

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025. Binary-parser is a widely used parser builder for JavaScript that allows developers to parse binary data. It supports a wide range of common data types, including integers, floating-point values, strings, and arrays. The package attracts approximately 13,000 downloads on a weekly basis.
Information security
[ Load more ]