{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6605", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-19T14:12:00.295Z", "datePublished": "2026-04-20T04:30:13.482Z", "dateUpdated": "2026-04-20T04:30:13.482Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T04:30:13.482Z"}, "title": "modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "modelscope", "product": "agentscope", "versions": [{"version": "1.0.0", "status": "affected"}, {"version": "1.0.1", "status": "affected"}, {"version": "1.0.2", "status": "affected"}, {"version": "1.0.3", "status": "affected"}, {"version": "1.0.4", "status": "affected"}, {"version": "1.0.5", "status": "affected"}, {"version": "1.0.6", "status": "affected"}, {"version": "1.0.7", "status": "affected"}, {"version": "1.0.8", "status": "affected"}, {"version": "1.0.9", "status": "affected"}, {"version": "1.0.10", "status": "affected"}, {"version": "1.0.11", "status": "affected"}, {"version": "1.0.12", "status": "affected"}, {"version": "1.0.13", "status": "affected"}, {"version": "1.0.14", "status": "affected"}, {"version": "1.0.15", "status": "affected"}, {"version": "1.0.16", "status": "affected"}, {"version": "1.0.17", "status": "affected"}, {"version": "1.0.18", "status": "affected"}], "cpes": ["cpe:2.3:a:modelscope:agentscope:*:*:*:*:*:*:*:*"], "modules": ["Internal Service"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-19T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-19T16:17:46.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-f (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/358240", "name": "VDB-358240 | modelscope agentscope Internal Service _common.py _get_bytes_from_web_url server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358240/cti", "name": "VDB-358240 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792225", "name": "Submit #792225 | AgentScope <= 1.0.18 Server-Side Request Forgery (CWE-918)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/ced2d438ae79a5a11cea663c1ba2c954", "tags": ["exploit"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-6605", "lastModified": "2026-04-20T05:16:15.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-20T05:16:15.780", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/YLChen-007/ced2d438ae79a5a11cea663c1ba2c954"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/792225"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358240"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358240/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,1.0.18]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "agentscope", "source": "cna", "vendor": "modelscope"}, "product": "agentscope", "vendor": "modelscope"}], "analysis": {"en": {"generated_at": "2026-04-20T06:21:22.237294+00:00", "value": {"mitigation_remediation": ["Upgrade to a version newer than 1.0.18 when it becomes available", "Configure outbound network restrictions so the agentscope service can only reach trusted hosts", "Validate or sanitize URLs in _get_bytes_from_web_url to reject internal and disallowed addresses"], "summary": {"action": "Apply Patches", "impact": "Server-Side Request Forgery (SSRF)"}, "threat_synthesis": {"affected_systems": "The affected product is modelscope agentscope, versions up to and including 1.0.18. No other versions are noted in the advisory.\n", "description_and_impact": "The vulnerability is located in the _get_bytes_from_web_url function of the Internal Service module in modelscope agentscope, allowing an attacker to construct arbitrary URLs that the service will resolve. Such server-side request forgery can force the application to make originating requests to any target, potentially exposing internal resources or allowing data exfiltration. The impact is a loss of confidentiality, integrity, or availability of internal data depending on which URLs are targeted.\n", "risk_and_exploitability": "The CVSS score is 6.9, indicating a medium severity. The EPSS score is not available, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack can be initiated remotely with no authentication, and the exploit has already been released publicly, making it likely that attackers could use it once the host is discovered."}}}}, "created": "2026-04-20T06:30:45.091010+00:00", "updated": "2026-04-20T06:30:45.308117+00:00", "vendors": ["modelscope", "modelscope$PRODUCT$agentscope"]}