47 matches found
CVE-2026-10105
agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...
SQL Injection
Overview agno is an Agno: a lightweight library for building Multi-Agent Systems Affected versions of this package are vulnerable to SQL Injection via the deletebymetadata function in the clickhouse backend. An attacker can execute unintended SQL commands by supplying malicious metadata keys and...
CVE-2026-10105 agno 2.6.5 SQL Injection via ClickHouse delete_by_metadata()
agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...
agno SQL注入漏洞
Agno is an open-source full-stack framework developed by Agno for building multi-agent systems with memory, knowledge, and reasoning capabilities. Version 2.6.5 of Agno contains a SQL injection vulnerability. This vulnerability stems from SQL injections in the ClickHouse vector database backend,...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds issue in diAlloc. Currently, there is no check for the agnno of the iag when allocating new inodes to avoid fragmentation problems. The check has been added, which is necessary...
CVE-2026-35002
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...
agentic-blocks (>=0.1.36 <=0.1.37) potentially affected by CVE-2026-35002 via agno (=2.0.9)
agno PYPI version =2.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on agno and may be impacted: - agentic-blocks =0.1.36, =0.1.37 Source cves: CVE-2026-35002 Source advisory: SNYK:PYTHON-AGNO-15874153...
Eval Injection
Overview agno is an Agno: a lightweight library for building Multi-Agent Systems Affected versions of this package are vulnerable to Eval Injection via the fieldtype parameter in the model execution process. An attacker can execute arbitrary Python code by manipulating the value passed to the eva...
agentic-blocks (>=0.1.36 <=0.1.37), aiqtoolkit-agno (>=1.1.0 <=1.3.1) +9 more potentially affected by CVE-2026-35002 via agno (>=1.2.16 <=2.0.9)
agno PYPI version =1.2.16, =0.1.36, =1.1.0, =0.8.0, =0.1.0, =1.3.4, =0.1.0.post1, =1.1.0a20251020, =1.7.0a20260510 - synvya-sdk =0.2.12 Source cves: CVE-2026-35002 Source advisory: OSV:GHSA-77RH-M34W-RV36...
GHSA-77RH-M34W-RV36 Agno is vulnerable to Eval Injection
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...
Agno is vulnerable to Eval Injection
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...
EUVD-2026-18334
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...
CVE-2026-35002
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...
CVE-2026-35002
The vulnerability CVE-2026-35002 affects Agno versions prior to 2.3.24 in the model execution component. An attacker can trigger remote code execution by manipulating the field_type parameter passed to eval() within a FunctionCall, allowing arbitrary Python code execution. This results in high im...
CVE-2026-35002
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...
CVE-2026-35002 Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...
CVE-2026-35002 Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...
agno 安全漏洞
Agno is an open-source full-stack framework developed by Agno for building multi-agent systems with memory, knowledge, and reasoning capabilities. Versions of Agno prior to 2.3.24 contained a security vulnerability, which was caused by improper handling of the fieldtype parameter in the model...
PT-2026-29747
Name of the Vulnerable Software and Affected Versions Agno versions prior to 2.3.24 Description An arbitrary code execution issue exists in the model execution component. Attackers can execute arbitrary Python code by manipulating the field type parameter passed to the eval function. By influenci...
CVE-2025-64168
Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when sessionstate is passed to Agent or Team during run or arun calls, a race condition can occur, causing a sessionstate to be assigned and persisted to the incorrect session. This may...