Description
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.
Published: 2026-04-02
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An issue in Agno’s model execution component lets an attacker execute arbitrary Python code by controlling the field_type parameter that is passed to eval(). The vulnerability is a code‑injection flaw (CWE-95) that can be triggered through a FunctionCall, giving the attacker full control over the Agno process. This leads to total compromise of confidentiality, integrity, and availability of the affected instance.
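To make the CWE-95 pattern concrete, the following is an added, hypothetical illustration (not Agno's code and not taken from the advisory): a resolver that hands a field_type string to eval() beside a hardened resolver that treats the string only as a key into an explicit allow-list. The function names and the allowed type set are assumptions.

```python
from __future__ import annotations
from typing import Any

# Hypothetical helper modelled on the flaw the advisory describes: a type
# name taken from a FunctionCall is evaluated as Python. Not Agno's code.
def resolve_field_type_unsafe(field_type: str) -> Any:
    """Vulnerable pattern: eval() treats the string as a Python expression,
    so anything beyond a bare type name is executed rather than looked up."""
    return eval(field_type)  # deliberately shown as the flaw

# Hardened replacement: an explicit allow-list. The input is only ever used
# as a dictionary key, so it can never be executed. (Assumed type set.)
_ALLOWED_FIELD_TYPES: dict[str, type] = {
    "str": str,
    "int": int,
    "float": float,
    "bool": bool,
    "list": list,
    "dict": dict,
}

def resolve_field_type_safe(field_type: str) -> type:
    """Map a field_type name to a Python type, rejecting anything not listed."""
    if not isinstance(field_type, str):
        raise TypeError(f"field_type must be a str, got {type(field_type).__name__}")
    try:
        return _ALLOWED_FIELD_TYPES[field_type]
    except KeyError:
        raise ValueError(f"unsupported field_type: {field_type!r}") from None

def is_rejected(field_type: Any) -> bool:
    """True if the hardened resolver refuses the value."""
    try:
        resolve_field_type_safe(field_type)
    except (TypeError, ValueError):
        return True
    return False

if __name__ == "__main__":
    # Constructed inputs: a legitimate type name, an arbitrary (benign)
    # expression, and a real builtin that is simply not on the allow-list.
    for value in ("int", "len('abc')", "object"):
        print(f"{value!r}: unsafe -> {resolve_field_type_unsafe(value)!r}, "
              f"safe rejected -> {is_rejected(value)}")
```

The unsafe resolver returns 3 for the expression string, showing that eval() executes whatever it is given; the hardened one rejects it, and also rejects names that are valid Python but outside the allow-list.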

Affected Systems

All releases of Agno earlier than version 2.3.24 are susceptible. Any instance that processes user‑supplied FunctionCall objects exposed via APIs or web services can be targeted.

Risk and Exploitability

The CVSS score of 9.3 marks this issue as critical, and while an EPSS score is not provided, the severity indicates a high likelihood of exploitation. The flaw is not listed in CISA’s KEV catalog, but an attacker can remotely inject malicious field_type content and have it executed with the same privileges as the Agno process.

Generated by OpenCVE AI on April 2, 2026 at 15:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Agno to version 2.3.24 or later to patch the eval injection flaw.
  • Verify that the latest release has been successfully applied by checking the release notes or the package signature.
  • If an immediate upgrade is not possible, limit external access to the FunctionCall API or isolate the instance behind a firewall.
  • Regularly review Agno security advisories to stay informed of new patches or updates.



Advisories

Source: Github GHSA
ID: GHSA-77rh-m34w-rv36
Title: Agno is vulnerable to Eval Injection
History

Thu, 02 Apr 2026 20:30:00 +0000

  • First Time appeared (values added): Agno-agi; Agno-agi agno
  • Vendors & Products (values added): Agno-agi; Agno-agi agno
  • Metrics (values added): ssvc
    {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 02 Apr 2026 15:15:00 +0000

  • Title (value removed): Agno field_type Eval Injection Arbitrary Code Execution
  • Title (value added): Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

Thu, 02 Apr 2026 14:45:00 +0000

  • Description (value added): Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.
  • Title (value added): Agno field_type Eval Injection Arbitrary Code Execution
  • Weaknesses (value added): CWE-95
  • References
  • Metrics (value added): cvssV4_0
    {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-02T15:23:20.841Z

Reserved: 2026-03-31T20:40:15.617Z

Link: CVE-2026-35002

Vulnrichment

Updated: 2026-04-02T15:23:13.911Z

NVD

Status: Awaiting Analysis

Published: 2026-04-02T15:16:52.063

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-35002

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:20:58Z

Weaknesses