
Description

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata() method. Attackers can exploit the unsafe f-string interpolation in clickhousedb.py to delete all rows, target specific rows, or extract information through error-based or blind SQL injection techniques.
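The bug class the description names, as an added example that is not agno's own code: a query builder that interpolates metadata keys and values straight into the statement with an f-string, beside a hardened builder that allow-lists keys, refuses an empty filter (which would otherwise delete every row) and passes values to ClickHouse as server-side query parameters. The `meta_data` JSON column and the `ALTER TABLE ... DELETE` statement shape are assumptions for illustration.

```python
from __future__ import annotations

import re
from typing import Any

# Constructed sketch of the pattern CVE-2026-10105 describes (not agno's code):
# caller-controlled metadata keys and values are interpolated into the SQL text.
def build_delete_vulnerable(table: str, metadata: dict[str, Any]) -> str:
    conds = " AND ".join(
        f"JSONExtractString(meta_data, '{k}') = '{v}'" for k, v in metadata.items()
    )
    return f"ALTER TABLE {table} DELETE WHERE {conds}"


# Strict identifier allow-list for table names and metadata keys (assumption:
# keys are plain identifiers in this application).
_IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def build_delete_parameterized(
    table: str, metadata: dict[str, Any]
) -> tuple[str, dict[str, str]]:
    """Return (sql, params). Values never enter the SQL text: they are bound to
    ClickHouse `{name:String}` query parameters, which the client sends to the
    server separately from the statement. Keys are allow-listed *and* bound."""
    if not _IDENT_RE.fullmatch(table):
        raise ValueError(f"refusing unsafe table name: {table!r}")
    if not metadata:
        # An empty WHERE filter would delete the whole table.
        raise ValueError("refusing DELETE without a metadata filter")
    params: dict[str, str] = {}
    conds: list[str] = []
    for i, (key, value) in enumerate(metadata.items()):
        if not _IDENT_RE.fullmatch(key):
            raise ValueError(f"refusing metadata key that is not an identifier: {key!r}")
        kp, vp = f"k{i}", f"v{i}"
        params[kp] = key
        params[vp] = str(value)
        conds.append(f"JSONExtractString(meta_data, {{{kp}:String}}) = {{{vp}:String}}")
    return f"ALTER TABLE {table} DELETE WHERE " + " AND ".join(conds), params
```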

PUBLISHED Reserved 2026-05-29 | Published 2026-05-29 | Updated 2026-06-02 | Assigner VulnCheck




HIGH: 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status
unknown

Any version
affected

Any version
affected

Any version
affected

Credits

YU SUN (finder)

References

github.com/agno-agi/agno/issues/7866 exploit

github.com/agno-agi/agno/issues/7866 issue-tracking

github.com/agno-agi/agno/pull/7883 technical-description

github.com/...anges/26a7439b803c0ccc9a58ee53572d8088a678923f patch

github.com/...anges/a0ec99305e782e68ba26f5966c53ad50b5f40132 patch

www.vulncheck.com/...ction-via-clickhouse-delete-by-metadata third-party-advisory

cve.org (CVE-2026-10105)

nvd.nist.gov (CVE-2026-10105)
