Agent Development Kit (ADK)
Remote code execution in Google Agent Development Kit (ADK) versions 1.7.0 through 1.28.0 and 2.0.0a1 allows unauthenticated remote attackers to execute arbitrary code on ADK server instances by combining a code injection flaw with missing authentication. Python OSS deployments, Cloud Run, and GKE environments are affected. The issue is rated CVSS 9.3 (critical), and proof-of-concept code is available (CVSS:4.0 E:P). It is not listed in CISA KEV, which indicates no confirmed widespread exploitation at time of analysis, though the authentication bypass combined with RCE presents extreme risk for exposed instances.