CVE-2026-35002
Arbitrary Code Execution in Agno Model Execution via eval
Publication date: 2026-04-02
Last updated on: 2026-04-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| agno | agno | to 2.3.24 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-35002 is an arbitrary code execution vulnerability in Agno versions prior to 2.3.24. It occurs because the model execution component uses Python's eval() function on the field_type parameter without proper sanitization. Attackers can manipulate the field_type value in a FunctionCall to execute arbitrary Python code remotely.
How can this vulnerability impact me? :
This vulnerability allows remote attackers to execute arbitrary Python code on the affected system without any privileges or user interaction. This can lead to full compromise of the system, including unauthorized access, data theft, data corruption, or disruption of service.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects Agno versions prior to 2.3.24 and involves the use of Python's eval() function on the field_type parameter, which can be exploited remotely.
To detect if your system is vulnerable, first identify the Agno version running on your system. You can check the version by running the command:
- agno --version
If the version is earlier than 2.3.24, your system is vulnerable.
Additionally, you can monitor network traffic or logs for suspicious FunctionCall inputs that manipulate the field_type parameter, which might indicate exploitation attempts.
Since the vulnerability involves remote code execution via crafted inputs, inspecting application logs for unusual or unexpected Python code execution or errors related to eval() usage may help detect exploitation.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Agno to version 2.3.24 or later, where the vulnerability has been fixed by replacing the unsafe eval() usage with a safe type mapping approach.
If upgrading immediately is not possible, consider restricting network access to the affected Agno service to trusted users only, to reduce exposure to remote attacks.
Monitor logs for suspicious activity related to the field_type parameter and FunctionCall inputs to detect potential exploitation attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-35002 is a critical arbitrary code execution vulnerability that allows attackers to execute arbitrary Python code remotely, potentially compromising the confidentiality, integrity, and availability of affected systems.
Such a vulnerability could lead to unauthorized access to sensitive data or disruption of services, which may result in non-compliance with data protection regulations like GDPR or HIPAA that require safeguarding personal and health information.
However, the provided information does not explicitly describe the direct impact of this vulnerability on compliance with specific standards or regulations.