Agno Race Condition Vulnerability Leading to Session State Overwrites

Vulnerability

A race condition vulnerability has been identified in Agno versions from 2.0.0 up to, but not including, 2.2.2. Under high concurrency, when 'session_state' is passed to Agent or Team during run or arun calls, the race condition can cause 'session_state' to be incorrectly assigned and persisted to the wrong session. As a result, user data from one session may be exposed to another user.
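The class of bug described above can be modelled with a small concurrency regression check. This is an added example, not Agno's code: SharedStateAgent, PerRunStateAgent and the in-memory store are hypothetical stand-ins, and keeping per-run state on a shared instance is an assumed mechanism used for illustration, not the confirmed root cause.

```python
import asyncio


class SharedStateAgent:
    """Hypothetical agent that keeps per-run state on the shared instance (racy)."""

    def __init__(self):
        self.store = {}            # session_id -> persisted state (stand-in for a DB)
        self.session_state = None  # shared by every concurrent run on this instance

    async def arun(self, session_id, session_state):
        self.session_state = session_state
        await asyncio.sleep(0)     # any await (model call, I/O) lets other runs interleave
        self.store[session_id] = self.session_state  # may now belong to another run


class PerRunStateAgent(SharedStateAgent):
    """Same toy agent with the state held in a local variable for the whole run."""

    async def arun(self, session_id, session_state):
        state = session_state      # never written to the shared instance
        await asyncio.sleep(0)
        self.store[session_id] = state


async def find_cross_session_writes(agent, n):
    # Constructed sample input: n sessions, each with a distinct user marker.
    expected = {f"session-{i}": {"user": f"user-{i}"} for i in range(n)}
    await asyncio.gather(*(agent.arun(sid, st) for sid, st in expected.items()))
    # A session is flagged when what was persisted is not what that session sent.
    return sorted(sid for sid, st in expected.items() if agent.store.get(sid) != st)


def check(agent_cls, n=50):
    """Return the session ids whose persisted state came from a different session."""
    return asyncio.run(find_cross_session_writes(agent_cls(), n))


if __name__ == "__main__":
    print("shared-instance state:", len(check(SharedStateAgent)), "sessions overwritten")
    print("per-run state:        ", len(check(PerRunStateAgent)), "sessions overwritten")
```

The same shape of test (distinct marker per session, many concurrent runs, compare persisted state to what was sent) can serve as a regression check around a real deployment after upgrading.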

Impact

Exploitation of this vulnerability can lead to unauthorized access to user data across different sessions.

Remediation

Users can upgrade to Agno version 2.2.2 to address this vulnerability.

Added: Oct 31, 2025, 3:20 PM
Updated: Oct 31, 2025, 3:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.