PatchSiren

modelscope CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW modelscope CVE published 2026-06-04

CVE-2026-10801

A security vulnerability has been detected in modelscope ms-swift up to 4.2.0. This affects the function Template._save_pil_image of the file swift/template/base.py of the component PIL Image Cache Key Handler. The manipulation leads to use of weak hash. An attack has to be approached locally. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The e [truncated]

HIGH modelscope CVE published 2026-05-19

CVE-2025-51427

CVE-2025-51427 describes an arbitrary code execution issue in ModelScope 1.25.0 tied to a crafted module reference in the dey_mini.yaml configuration file. The NVD metadata maps this to CWE-94 and rates it HIGH (CVSS 7.3), so environments using the affected version should treat it as a serious code-execution risk.