ГлавнаяУязвимости → CVE-2026-35002
9.8критическая

CVE-2026-35002

Описание

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

Затрагиваемое ПО
Agno Agno
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/agno-agi/agno/commit/cbf675521d4d2281925a051784a3b94172e56416https://github.com/agno-agi/agno/releases/tag/v2.3.24https://www.vulncheck.com/advisories/agno-field-type-eval-injection-arbitrary-code-execution