agno-agi Command Injection Vulnerability in Model Context Protocol Handler

Vulnerability

A critical OS command injection vulnerability has been identified in agno-agi versions through 1.7.5. The issue arises in the Model Context Protocol Handler, specifically within the MCPTools and MultiMCPTools functions of the mcp.py library. The vulnerability allows remote execution of arbitrary commands by manipulating the 'command' argument, which is not properly validated before it is executed. Injected commands run with the privileges of the Agno agent process.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution on the server where the Agno agent is running.

Reproduction

To reproduce this vulnerability, send a request to the Agno framework's MCPTools or MultiMCPTools functions with a crafted 'command' argument. The input will be processed by 'shlex.split()' and executed as a system command, without any sanitization, leading to command injection.
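
One way to vet the 'command' string before it is executed, shown as an added example (not agno's code or its fix). The allowlist contents, `validate_mcp_command`, `CommandRejected`, `verdict` and the sample inputs are assumptions made for illustration.

```python
import shlex

# Assumption: the executables this deployment permits for MCP servers.
ALLOWED_EXECUTABLES = frozenset({"npx", "uvx", "node", "python3"})
# Characters that only matter to a shell; an argv run without a shell never needs them.
SHELL_METACHARACTERS = frozenset(";&|<>`$\n")

class CommandRejected(ValueError):
    """Raised when a 'command' string fails validation."""

def validate_mcp_command(command, allowed=ALLOWED_EXECUTABLES):
    """Return the argv list for `command`, or raise CommandRejected."""
    if not isinstance(command, str) or not command.strip():
        raise CommandRejected("empty or non-string command")
    found = SHELL_METACHARACTERS.intersection(command)
    if found:
        raise CommandRejected(f"shell metacharacters present: {sorted(found)}")
    try:
        argv = shlex.split(command)  # tokenizes only; it does not vet argv[0]
    except ValueError as exc:  # e.g. unbalanced quotes
        raise CommandRejected(f"unparseable command: {exc}") from exc
    # Exact match on the bare name: a path such as /tmp/npx must not pass as "npx".
    executable = argv[0] if argv else ""
    if executable not in allowed:
        raise CommandRejected(f"executable not allowlisted: {executable!r}")
    return argv


def verdict(command):
    """Return 'accepted' or 'rejected: <reason>' for one command string."""
    try:
        validate_mcp_command(command)
        return "accepted"
    except CommandRejected as exc:
        return f"rejected: {exc}"


# Constructed sample inputs; example-mcp-server is a made-up package name.
SAMPLES = [
    "npx -y example-mcp-server --root /srv/data",
    "bash -c 'echo constructed'",
    "npx example-mcp-server; echo constructed",
    "/tmp/npx example-mcp-server",
    "npx 'unterminated",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {verdict(sample)}")
```

Allowlisting argv[0] does not constrain what an allowed interpreter does with its arguments, so the 'command' value should still come from trusted configuration rather than request data.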

Added: Aug 6, 2025, 5:17 PM
Updated: Aug 6, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.