Skip to content

ms-agent

v1.6.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo AI Agents & Assistants
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

agentic-insight agentic-search chat-bot code-generation deep-research memory

Summary

AI summary

Fixed CVE-2026-2256 command injection vulnerability in Shell tool.

Breaking Changes

  • Shell tool removed and migrated to sandbox environment

Security Fixes

  • CVE-2026-2256: Shell tool regex denylist bypass leading to command injection
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ms-agent

Get notified when new releases ship.

Sign up free

About ms-agent

MS-Agent: a lightweight framework to empower agentic execution of complex tasks

All releases →

Related context

Beta — feedback welcome: [email protected]