CVE-2024-8502: A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (
Summary
CVE-2024-8502 is a vulnerability in modelscope/agentscope v0.0.6a3 in which the RpcAgentServerLauncher class unsafely deserializes untrusted data using the dill library, allowing attackers to execute arbitrary commands on the server. Deserialization converts serialized data back into live objects, and dill, like pickle, can run code while rebuilding them. The vulnerability exists in the AgentServerServicer.create_agent method, which directly deserializes user input without validation.
Vulnerability Details
EPSS: 0.4%
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-8502
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 92%