PT-2026-22102 · Agenta · Agenta-Api

Jackfromeast

Published: 2026-02-26 · Updated: 2026-03-19 · CVE-2026-27952

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Agenta-API versions prior to 0.48.1
Description: Agenta is an open-source LLMOps platform. In Agenta-API versions prior to 0.48.1, a Python sandbox escape existed in Agenta's custom code evaluator. The platform used RestrictedPython to sandbox user-supplied evaluator code, but incorrectly whitelisted the numpy package as safe within the sandbox. This allowed authenticated users to bypass the sandbox and achieve arbitrary code execution on the API server. The escape path was through numpy.ma.core.inspect, which exposes Python's introspection utilities, including sys.modules, and thereby provides access to unfiltered system-level functionality such as os.system. The custom code evaluator runs server-side within the API process, so code executed through the escape runs with the privileges of the API server.
Recommendations: Update to version 0.48.1 or later to resolve the issue. Versions 0.60 and later have removed the RestrictedPython sandbox entirely and replaced it with a different execution model.

Tags: Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-27952
GHSA-PMGP-2M3V-34MQ
PYSEC-2026-6

Affected Products

Agenta-Api
Restrictedpython
Numpy