PT-2026-29747 · Agno · Agno
Published: 2026-04-02 · Updated: 2026-04-02 · CVE-2026-35002
CVSS v4.0: 9.3 (Critical) | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field type parameter passed to eval(). Attackers can influence the field type value in a FunctionCall to achieve remote code execution.
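The weakness class described above, shown next to a parse-only alternative. This is an added illustration, not Agno's code or its 2.3.24 fix; the function names, the allow-list and the harmless probe string are all assumptions made for the example (Python 3.9+).

```python
import ast

# Hypothetical allow-list: the only type names a tool-call field may declare.
ALLOWED = {"str": str, "int": int, "float": float, "bool": bool,
           "list": list, "dict": dict}
GENERIC_BASES = (list, dict)  # names that may carry [...] parameters

CANARY = []  # constructed side-effect target: records that input was executed
# Constructed, harmless probe: a "type" string that is really an expression.
PROBE = "CANARY.append('executed') or str"


def resolve_unsafe(field_type):
    """Weakness class from the advisory: the type string reaches eval()."""
    return eval(field_type)  # any expression inside field_type runs here


def _resolve_node(node):
    # Accept a bare allow-listed name such as "int".
    if isinstance(node, ast.Name) and node.id in ALLOWED:
        return ALLOWED[node.id]
    # Accept list[...] / dict[...] whose parameters are themselves allowed.
    if isinstance(node, ast.Subscript):
        base = _resolve_node(node.value)
        if base not in GENERIC_BASES:
            raise ValueError("type is not subscriptable here")
        inner = node.slice
        elts = inner.elts if isinstance(inner, ast.Tuple) else [inner]
        args = tuple(_resolve_node(e) for e in elts)
        return base[args[0] if len(args) == 1 else args]
    # Calls, attribute access, operators, literals: rejected, never evaluated.
    raise ValueError(f"disallowed syntax in field type: {type(node).__name__}")


def resolve_safe(field_type):
    """Parse the string without executing it, then walk the syntax tree."""
    if not isinstance(field_type, str) or len(field_type) > 64:
        raise ValueError("field type must be a short string")
    try:
        tree = ast.parse(field_type.strip(), mode="eval")
    except SyntaxError:
        raise ValueError("field type is not a valid type expression") from None
    return _resolve_node(tree.body)
```

With `resolve_safe`, the probe is rejected at the syntax-tree walk and `CANARY` stays empty; with `resolve_unsafe`, the same string returns `str` and leaves a side effect behind.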
Fix
Eval Injection
Weakness Enumeration
Related Identifiers
Affected Products
Agno