RCE in Agno

CVE-2026-35002

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers ca…

EPSS: 0.001 (34.7th percentile) — read the EPSS interpretation.

Affected products

Agno — versions 0, cbf675521d4d2281925a051784a3b94172e56416

Weakness classification (CWE)

CWE-95 — Eval Injection

References

github.com/agno-agi/agno/releases/tag/v2.3.24 (release-notes)
github.com/agno-agi/agno/commit/cbf675521d4d2281925a051784a3b94172e56416 (patch)
www.vulncheck.com/advisories/agno-field-type-eval-injection-arbitrary-code-exec… (third-party-advisory)