New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN PyPI

Agno is vulnerable to Eval Injection

GHSA-77rh-m34w-rv36 · CVE-2026-35002 · PYSEC-2026-256

Published · Modified

Description

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

Ready to move

Start Securing

Free, no credit card | First findings in minutes