PT-2026-53353 · Pypi · Agno

Published

2026-06-29

·

Updated

2026-06-29

CVSS v4.0

9.3

Critical

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field type parameter passed to eval(). Attackers can influence the field type value in a FunctionCall to achieve remote code execution.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

PYSEC-2026-256

Affected Products

Agno