Description
A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-20
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Server‑Side Request Forgery
Action: Patch Immediately
AI Analysis

Impact

The vulnerability in modelscope agentscope arises from a flaw in the _process_audio_block function that permits an attacker to manipulate a URL parameter. This creates a server‑side request forgery (SSRF) scenario in which the server, acting as a proxy, can be forced to send HTTP requests to arbitrary internal or external destinations. The effect is that a remote attacker could exfiltrate sensitive data, access network‑restricted services, or launch further attacks from the compromised host. According to the provided score, the CVSS rating reflects a moderately high risk.

Affected Systems

The issue affects all releases of modelscope agentscope up to and including version 1.0.18 as identified by the vendor. Any deployment that has not been upgraded beyond this version is vulnerable.

Risk and Exploitability

The flaw can be exploited remotely, and a public proof‑of‑concept has already appeared online, indicating that attackers can effectively leverage the weakness. While the EPSS score is not available, the existence of a public exploit suggests that the likelihood of real‑world attacks is non‑negligible. The vulnerability is not listed in CISA’s KEV catalog, but its nature and available exploit code make it a threat that should be addressed without delay.

Generated by OpenCVE AI on April 20, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade modelscope agentscope to a patched version that removes the insecure URL handling in _process_audio_block; if no update is immediately available, monitor the vendor’s release notes for a fix.
  • Restrict outbound traffic from the agentscope service by limiting allowed hostnames or IP addresses and blocking any unexpected internal endpoints to mitigate SSRF attempts.
  • Implement network segmentation or firewall rules that isolate the agentscope component from critical internal services, reducing the potential impact of a successful SSRF attack.
  • Monitor logs and network flows for abnormal outbound requests originating from agentscope to detect and respond to attempted SSRF attacks promptly.

Generated by OpenCVE AI on April 20, 2026 at 06:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title modelscope agentscope _agent_base.py _process_audio_block server-side request forgery
First Time appeared Modelscope
Modelscope agentscope
Weaknesses CWE-918
CPEs cpe:2.3:a:modelscope:agentscope:*:*:*:*:*:*:*:*
Vendors & Products Modelscope
Modelscope agentscope
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Modelscope Agentscope
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-20T04:45:11.806Z

Reserved: 2026-04-19T14:12:04.157Z

Link: CVE-2026-6606

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-20T05:16:15.987

Modified: 2026-04-20T05:16:15.987

Link: CVE-2026-6606

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T06:30:45Z

Weaknesses