Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise
highnews
security
Source: SecurityWeekMarch 3, 2026
Summary
A vulnerability in the MS-Agent AI Framework allows attackers to compromise an entire system by exploiting the Shell tool through improper input sanitization (failure to clean and validate user input). Attackers can use this flaw to modify system files and steal data.
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Microsoft
Related Issues
highcritical
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
Similar attackNVD/CVE Database
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Similar attack
Original source: https://www.securityweek.com/vulnerability-in-ms-agent-ai-framework-can-allow-full-system-compromise/
First tracked: March 3, 2026 at 07:00 AM
Classified by LLM (prompt v3) · confidence: 75%