CVE-2026-35002

CRITICAL

Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

Title source: cna

Description

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.
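The pattern described above, next to a hardened alternative, as an added example that is not Agno's code or its actual fix. The function names, the allowlist and the sample strings are constructed for illustration, and Python 3.9+ is assumed for `list[int]`-style generics.

```python
import ast

# Constructed allowlist: the only type names a tool-argument schema may name.
ALLOWED = {"str": str, "int": int, "float": float, "bool": bool,
           "list": list, "dict": dict}
ARITY = {list: 1, dict: 2}  # generic parameters each container accepts


def resolve_field_type_unsafe(field_type):
    """CWE-95 pattern from the description: the string runs as Python."""
    return eval(field_type)


def _build(node):
    """Turn an AST node into a type, accepting only names and subscripts."""
    if isinstance(node, ast.Name):
        if node.id not in ALLOWED:
            raise ValueError(f"type name not allowed: {node.id!r}")
        return ALLOWED[node.id]
    if isinstance(node, ast.Subscript):
        base = _build(node.value)
        args = node.slice.elts if isinstance(node.slice, ast.Tuple) else [node.slice]
        if ARITY.get(base) != len(args):
            raise ValueError("wrong or unsupported generic parameters")
        params = tuple(_build(a) for a in args)
        return base[params[0]] if len(params) == 1 else base[params]
    # Calls, attributes, lambdas, constants, operators: all rejected here.
    raise ValueError(f"syntax not allowed in field_type: {type(node).__name__}")


def resolve_field_type(field_type, max_len=64):
    """Hardened resolver: parses the string but never evaluates it."""
    if not isinstance(field_type, str) or len(field_type) > max_len:
        raise ValueError("field_type must be a short string")
    try:
        tree = ast.parse(field_type.strip(), mode="eval")
    except (SyntaxError, ValueError):
        raise ValueError("field_type is not a valid type expression") from None
    return _build(tree.body)


def is_rejected(field_type):
    """True when the hardened resolver refuses the value."""
    try:
        resolve_field_type(field_type)
    except ValueError:
        return True
    return False
```

The unsafe resolver evaluates any expression it is handed, while the hardened one accepts only allowlisted names and their generic forms.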

Scores

CVSS v3 9.8
EPSS 0.0085
EPSS Percentile 53.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-95
Status published
Products (4)
Agno/Agno < 2.3.24
agno/agno < 2.3.24
Agno/Agno cbf675521d4d2281925a051784a3b94172e56416
pypi/agno 0 - 2.3.24 (PyPI)
Published Apr 02, 2026
Tracked Since Apr 02, 2026