Skip to main content

Agno

2 CVEs product

Monthly

CVE-2026-10105 PyPI HIGH PATCH GHSA This Week

SQL injection in agno 2.6.5's ClickHouse vector database backend allows authenticated attackers to inject arbitrary SQL via metadata keys and values passed to delete_by_metadata(). The flaw stems from unsafe f-string interpolation in clickhousedb.py and enables row deletion, targeted data tampering, and information extraction through error-based or blind SQLi. No public exploit identified at time of analysis, but a vendor patch (PR #7883) is available and the issue was disclosed by VulnCheck.

SQLi Agno
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-35002 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Agno prior to version 2.3.24 allows attackers to execute arbitrary Python code by manipulating the field_type parameter in FunctionCall objects, which is passed unsafely to eval(). The vulnerability affects all versions before 2.3.24 and requires network access to influence the field_type value, enabling complete system compromise through code injection in the model execution component.

Python RCE Code Injection Agno
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.4%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

SQL injection in agno 2.6.5's ClickHouse vector database backend allows authenticated attackers to inject arbitrary SQL via metadata keys and values passed to delete_by_metadata(). The flaw stems from unsafe f-string interpolation in clickhousedb.py and enables row deletion, targeted data tampering, and information extraction through error-based or blind SQLi. No public exploit identified at time of analysis, but a vendor patch (PR #7883) is available and the issue was disclosed by VulnCheck.

SQLi Agno
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in Agno prior to version 2.3.24 allows attackers to execute arbitrary Python code by manipulating the field_type parameter in FunctionCall objects, which is passed unsafely to eval(). The vulnerability affects all versions before 2.3.24 and requires network access to influence the field_type value, enabling complete system compromise through code injection in the model execution component.

Python RCE Code Injection +1
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy