CVE-2026-35002
Received Received - Intake
Arbitrary Code Execution in Agno Model Execution via eval

Publication date: 2026-04-02

Last updated on: 2026-04-16

Assigner: VulnCheck

Description
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-14
NVD
CVE-2026-35002
EUVD
EUVD-2026-18334
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
agno agno to 2.3.24 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-95 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-35002 is an arbitrary code execution vulnerability in Agno versions prior to 2.3.24. It occurs because the model execution component uses Python's eval() function on the field_type parameter without proper sanitization. Attackers can manipulate the field_type value in a FunctionCall to execute arbitrary Python code remotely.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary Python code on the affected system without any privileges or user interaction. This can lead to full compromise of the system, including unauthorized access, data theft, data corruption, or disruption of service.

Detection Guidance

This vulnerability affects Agno versions prior to 2.3.24 and involves the use of Python's eval() function on the field_type parameter, which can be exploited remotely.

To detect if your system is vulnerable, first identify the Agno version running on your system. You can check the version by running the command:

  • agno --version

If the version is earlier than 2.3.24, your system is vulnerable.

Additionally, you can monitor network traffic or logs for suspicious FunctionCall inputs that manipulate the field_type parameter, which might indicate exploitation attempts.

Since the vulnerability involves remote code execution via crafted inputs, inspecting application logs for unusual or unexpected Python code execution or errors related to eval() usage may help detect exploitation.

Mitigation Strategies

The primary mitigation step is to upgrade Agno to version 2.3.24 or later, where the vulnerability has been fixed by replacing the unsafe eval() usage with a safe type mapping approach.

If upgrading immediately is not possible, consider restricting network access to the affected Agno service to trusted users only, to reduce exposure to remote attacks.

Monitor logs for suspicious activity related to the field_type parameter and FunctionCall inputs to detect potential exploitation attempts.

Compliance Impact

CVE-2026-35002 is a critical arbitrary code execution vulnerability that allows attackers to execute arbitrary Python code remotely, potentially compromising the confidentiality, integrity, and availability of affected systems.

Such a vulnerability could lead to unauthorized access to sensitive data or disruption of services, which may result in non-compliance with data protection regulations like GDPR or HIPAA that require safeguarding personal and health information.

However, the provided information does not explicitly describe the direct impact of this vulnerability on compliance with specific standards or regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35002. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart