agentic-blocks (>=0.1.36 <=0.1.37), aiqtoolkit-agno (>=1.1.0 <=1.3.1) +9 more potentially affected by CVE-2026-35002 via agno (>=1.2.16 <=2.0.9)

agno PYPI version =1.2.16, =0.1.36, =1.1.0, =0.8.0, =0.1.0, =1.3.4, =0.1.0.post1, =1.1.0a20251020, =1.7.0a20260510 - synvya-sdk =0.2.12 Source cves: CVE-2026-35002 Source advisory: OSV:GHSA-77RH-M34W-RV36...

GHSA-77RH-M34W-RV36 Agno is vulnerable to Eval Injection

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

EUVD-2026-18334

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

CVE-2026-35002 Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

agentic-blocks (>=0.1.36 <=0.1.37) potentially affected by CVE-2025-64168 via agno (=2.0.9)

agno PYPI version =2.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on agno and may be impacted: - agentic-blocks =0.1.36, =0.1.37 Source cves: CVE-2025-64168 Source advisory: OSV:GHSA-VW84-HPRM-CXMM...

PT-2025-44638

Name of the Vulnerable Software and Affected Versions Agno versions 2.0.0 through 2.2.1 Description Agno is a multi-agent framework, runtime, and control plane. Under high concurrency, a race condition can occur when session state is passed to Agent or Team during run or arun calls. This can lead...

CVE-2025-8665

A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os...

cliz (=0.1.4), iointel (>=1.3.4 <=1.12.0) +1 more potentially affected by CVE-2025-8665 via agno (>=1.4.3 <=1.7.12)

agno PYPI version =1.4.3, =1.3.4, =0.1.0.post1, =0.1.0.post3 Source cves: CVE-2025-8665 Source advisory: SNYK:PYTHON-AGNO-11787823...