Which versions of Python are affected by EUVD-2026-21900?

Google Agent Development Kit (ADK) versions 1.7.0-2.0.0a1 contain an unauthenticated remote code execution vulnerability affecting Python deployments, Cloud Run, and GKE environments.. A patch is available.

Is there a public PoC exploit available for EUVD-2026-21900?

Yes, a public proof-of-concept exploit is available for EUVD-2026-21900. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate EUVD-2026-21900?

Within 24 hours: Inventory all ADK deployments (Python OSS, Cloud Run, GKE) and identify instances running versions 1.7.0-1.28.0 or 2.0.0a1; immediately isolate exposed instances from production traffic via network segmentation or firewall rules. Within 7 days: Monitor vendor (Google) security advisories for patch release and evaluate migration to patched versions or alternative solutions; implement network-based ingress filtering to restrict ADK access to trusted sources only. Within 30 days: Deploy patched ADK version once released by vendor; conduct forensic review of exposed instances for indicators of compromise; execute code review of ADK integration points for injection vectors.

Python EUVD-2026-21900

Q: What is the CVSS score of EUVD-2026-21900?

EUVD-2026-21900 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber. EPSS exploitation probability: 0.3%.

| CVE-2026-4810 CRITICAL

Missing Authentication for Critical Function (CWE-306)

2026-04-13 GoogleCloud

GHSA-rg7c-g689-fr3x

Authentication Bypass Google RCE Python

9.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

9.3 CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Amber

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch released

Apr 15, 2026 - 02:30 nvd

Patch available

Analysis Generated

Apr 13, 2026 - 09:31 vuln.today

CVSS changed

Apr 13, 2026 - 09:22 NVD

9.3 (CRITICAL)

EUVD ID Assigned

Apr 13, 2026 - 09:15 euvd

EUVD-2026-21900

Analysis Generated

Apr 13, 2026 - 09:15 vuln.today

CVE Published

Apr 13, 2026 - 08:35 nvd

CRITICAL 9.3

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 pypi packages depend on google-adk (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 1.7.0.

DescriptionCVE.org

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance.

This vulnerability was patched in versions 1.28.1 and 2.0.0a2.

Customers need to redeploy the upgraded ADK to their production environments. In addition, if they are running ADK Web locally, they also need to upgrade their local instance.

AnalysisAI

Remote code execution in Google Agent Development Kit (ADK) versions 1.7.0-1.28.0 and 2.0.0a1 allows unauthenticated remote attackers to execute arbitrary code on ADK server instances via combined code injection and missing authentication flaws. Affects Python OSS deployments, Cloud Run, and GKE environments. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Network scan identifies ADK endpoint

Delivery

Send unauthenticated crafted HTTP request

Exploit

Inject malicious Python code

Execution

Execute arbitrary code as service account

Persist

Access cloud resources and customer data

Impact

Establish persistence via modified ADK configuration

Access

Network scan identifies ADK endpoint

Delivery

Send unauthenticated crafted HTTP request

Exploit

Inject malicious Python code

Execution

Execute arbitrary code as service account

Persist

Access cloud resources and customer data

Impact

Establish persistence via modified ADK configuration

Vulnerability AssessmentAI

Exploitation	No special conditions — remote unauthenticated exploitation against Google Agent Development Kit (ADK) versions 1.7.0-1.28.1 and 2.0.0a1-2.0.0a2 running on Python (OSS), Cloud Run, or GKE. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	This vulnerability presents critical real-world risk despite no CISA KEV listing. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated attacker scans for exposed Google ADK instances on Cloud Run or GKE by identifying common ADK API endpoints. Without providing any credentials, the attacker sends a crafted HTTP request containing malicious Python code to the vulnerable ADK endpoint. …
Remediation	Immediately upgrade to Google Agent Development Kit version 1.28.1 for production 1.x deployments or version 2.0.0a2 for alpha 2.x deployments, as these releases contain the authentication and code injection patches per the vendor advisory at https://github.com/google/adk-python/blob/main/CHANGELOG.md#1274-2026-03-26. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all ADK deployments (Python OSS, Cloud Run, GKE) and identify instances running versions 1.7.0-1.28.0 or 2.0.0a1; immediately isolate exposed instances from production traffic via network segmentation or firewall rules. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-48039 CRITICAL Act Now POC

9.1 Jun 11

Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac

CVE-2026-53753 CRITICAL Act Now

9.8 Jun 16

Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in

CVE-2026-48519 CRITICAL Act Now

9.6 Jun 16

Remote code execution in Langflow versions through 1.9.1 allows unauthenticated attackers to execute arbitrary Python co

CVE-2026-45833 CRITICAL Act Now

9.4 Jun 12

Authenticated remote code execution in ChromaDB Python project versions 0.4.17 and later enables attackers holding the U

CVE-2026-47103 CRITICAL Act Now

9.3 Jun 17

Remote code execution in python-statemachine 3.0.0 through 3.1.x allows attackers to run arbitrary Python in the host pr

EUVD-2026-21900 vulnerability details – vuln.today

Back