PT-2026-29747 · Agno · Agno

Published 2026-04-02 · Updated 2026-05-03 · CVE-2026-35002

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Agno versions prior to 2.3.24

Description

An arbitrary code execution issue exists in the model execution component. Attackers can execute arbitrary Python code by manipulating the field type parameter passed to the eval() function. By influencing the field type value within a FunctionCall, an attacker can achieve remote code execution without authentication.

Recommendations

Update to version 2.3.24 or later.
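
The class of flaw described above, shown beside a resolver that parses a type string and maps it through an allowlist instead of evaluating it. This is an added example, not Agno's code or its 2.3.24 fix; the function names, the allowlist and the sample strings are assumptions, and it needs Python 3.9 or later.

```python
import ast
from typing import Optional, Union

# Constructed allowlist: the only names a field type string may reference.
ALLOWED = {"str": str, "int": int, "float": float, "bool": bool,
           "list": list, "dict": dict, "Optional": Optional, "Union": Union}


def eval_field_type(field_type):
    """Hypothetical stand-in for the flawed pattern: the string reaches eval()."""
    return eval(field_type)  # evaluates any Python expression, not only types


def _build(node):
    """Turn an AST node into a type, accepting names, subscripts and tuples only."""
    if isinstance(node, ast.Name):
        if node.id not in ALLOWED:
            raise ValueError(f"type name not allowed: {node.id!r}")
        return ALLOWED[node.id]
    if isinstance(node, ast.Subscript):
        base, args = _build(node.value), _build(node.slice)
        try:
            return base[args]
        except TypeError as exc:  # e.g. "int[str]"
            raise ValueError("invalid type parameters") from exc
    if isinstance(node, ast.Tuple):
        return tuple(_build(elt) for elt in node.elts)
    raise ValueError(f"syntax not allowed in a type: {type(node).__name__}")


def resolve_field_type(field_type):
    """Resolve a type string by parsing it; nothing in it is ever executed."""
    if not isinstance(field_type, str) or len(field_type) > 100:
        raise ValueError("field type must be a short string")
    try:
        tree = ast.parse(field_type.strip(), mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a valid type expression") from exc
    return _build(tree.body)


if __name__ == "__main__":
    # Constructed inputs: two type names and one expression that is not a type.
    for sample in ("int", "dict[str, list[int]]", "len('abc')"):
        try:
            print(sample, "->", resolve_field_type(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

Calls, attribute access and any name outside the table are rejected before a type object is built, so the field type value can only ever select one of the listed types.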

Fix

RCE

Eval Injection

Weakness Enumeration

Related Identifiers

CVE-2026-35002
GHSA-77RH-M34W-RV36

Affected Products

Agno