
Description

Agno versions prior to 2.3.24 contain an eval injection (arbitrary code execution) vulnerability in the model execution component: the field_type value carried in a FunctionCall is passed to eval(), so an attacker who can influence that value can execute arbitrary Python code on the host running Agno and achieve remote code execution. The fix ships in 2.3.24 (patch commit cbf675521d4d2281925a051784a3b94172e56416); versions at or above 2.3.24 are unaffected.
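The following is an added illustration of the CWE-95 pattern this advisory describes, not code from the Agno project: the FunctionCall class, the resolver functions and the payload are all hypothetical, constructed here to show how a type name string that reaches eval() turns into code execution, and what the same lookup looks like when the name is matched against an allowlist instead of being evaluated.

```python
"""Hypothetical illustration of the eval-injection pattern (CWE-95) described
in this advisory. This is added example code, not Agno's source: the class
and function names below are assumed, and the payload is constructed here.
"""
from dataclasses import dataclass, field
from typing import Any, Callable

# Side-effect sink so the example can prove that attacker code ran without
# touching the file system or network.
EXECUTION_LOG: list[str] = []


def _record(msg: str) -> str:
    EXECUTION_LOG.append(msg)
    return msg


@dataclass
class FunctionCall:
    """Assumed shape of a tool call: argument values plus a per-argument
    type name (the 'field_type') that the framework uses for coercion."""
    name: str
    arguments: dict[str, Any]
    field_types: dict[str, str] = field(default_factory=dict)


def resolve_type_unsafe(field_type: str) -> Any:
    """Vulnerable pattern: the type name is evaluated as Python source.
    Any expression an attacker can smuggle into field_type is executed."""
    return eval(field_type)  # CWE-95: eval injection


# Allowlist: the only type names a schema is permitted to name.
SAFE_TYPES: dict[str, type] = {
    "str": str, "int": int, "float": float, "bool": bool,
    "list": list, "dict": dict,
}


def resolve_type_safe(field_type: str) -> type:
    """Hardened pattern: a plain dictionary lookup. Unknown names are rejected
    rather than interpreted, so no code path ever executes the input."""
    try:
        return SAFE_TYPES[field_type.strip()]
    except KeyError:
        raise ValueError(f"unsupported field_type: {field_type!r}") from None


def coerce_arguments(call: FunctionCall,
                     resolve: Callable[[str], Any]) -> dict[str, Any]:
    """Cast each argument to its declared field_type using the given resolver."""
    out: dict[str, Any] = {}
    for name, value in call.arguments.items():
        declared = call.field_types.get(name, "str")
        out[name] = resolve(declared)(value)
    return out


# Constructed payload: still yields `str` so the call looks benign, but the
# tuple's first element runs arbitrary Python before the type is returned.
MALICIOUS_FIELD_TYPE = "(_record('attacker code executed'), str)[1]"


def demonstrate() -> dict[str, Any]:
    """Run the same tampered FunctionCall through both resolvers."""
    call = FunctionCall(
        name="lookup_weather",
        arguments={"city": "Berlin"},
        field_types={"city": MALICIOUS_FIELD_TYPE},
    )
    EXECUTION_LOG.clear()
    unsafe_args = coerce_arguments(call, resolve_type_unsafe)
    unsafe_effects = list(EXECUTION_LOG)

    EXECUTION_LOG.clear()
    try:
        coerce_arguments(call, resolve_type_safe)
        safe_rejected = False
    except ValueError:
        safe_rejected = True

    return {
        "unsafe_args": unsafe_args,          # {"city": "Berlin"}: looks normal
        "unsafe_effects": unsafe_effects,    # ["attacker code executed"]
        "safe_rejected": safe_rejected,      # True
        "safe_effects": list(EXECUTION_LOG), # []
    }


if __name__ == "__main__":
    print(demonstrate())
```

The point the unsafe path makes is that the coerced argument comes back looking perfectly ordinary, so nothing downstream sees that code ran; the only defence is to never hand the type string to an interpreter. Whatever Agno's real resolver looks like, the check a practitioner wants is the same: grep the 2.3.24 patch commit for the eval() call site and confirm the deployed version is at or above 2.3.24.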

Status: Published | Reserved 2026-03-31 | Published 2026-04-02 | Updated 2026-04-02 | Assigner: VulnCheck

CRITICAL 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Product status

Default status
unaffected

Any version before 2.3.24
affected

cbf675521d4d2281925a051784a3b94172e56416 (git)
affected

Credits

Eran Shimony, Palo Alto Networks (finder)

References

github.com/agno-agi/agno/releases/tag/v2.3.24 (release notes)

github.com/...ommit/cbf675521d4d2281925a051784a3b94172e56416 (patch)

www.vulncheck.com/...eval-injection-arbitrary-code-execution (third-party advisory)

cve.org (CVE-2026-35002)

nvd.nist.gov (CVE-2026-35002)
