Agno Arbitrary Code Execution Vulnerability in Model Execution Component
Vulnerability
A vulnerability allowing arbitrary code execution exists in Agno versions prior to 2.3.24. This issue arises in the model execution component, where the field_type parameter passed to eval() can be manipulated. Attackers can influence the field_type value in a FunctionCall to execute arbitrary Python code remotely.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server where Agno is running.
Remediation
Users can upgrade to Agno version 2.3.24 or later to address this vulnerability.
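For code that must turn a `field_type` string into a Python type, the sketch below shows the eval() pattern described above next to a parse-only, allow-listed resolver. It is an added example, not Agno's code or its fix; the function names, the `ALLOWED_TYPES` set and the `MAX_LEN` bound are assumptions, and Python 3.9+ is assumed.

```python
import ast

# Assumption: the only type names a tool-argument schema may reference.
ALLOWED_TYPES = {"str": str, "int": int, "float": float,
                 "bool": bool, "list": list, "dict": dict}
MAX_LEN = 200  # assumed bound; keeps parsing cost and nesting depth small


def resolve_unsafe(field_type: str):
    """Risky pattern: eval() runs any expression the caller supplies."""
    return eval(field_type)


def _build(node: ast.AST):
    """Turn a parsed type expression into a type, node by node."""
    if isinstance(node, ast.Name):
        if node.id not in ALLOWED_TYPES:
            raise ValueError(f"type not allowed: {node.id!r}")
        return ALLOWED_TYPES[node.id]
    if isinstance(node, ast.Subscript):
        base = _build(node.value)
        if base is not list and base is not dict:
            raise ValueError("only list[...] and dict[...] take parameters")
        inner = node.slice  # Python 3.9+: the slice is the expression itself
        items = inner.elts if isinstance(inner, ast.Tuple) else [inner]
        if not items:
            raise ValueError("empty type parameter list")
        built = tuple(_build(item) for item in items)
        return base[built if len(built) > 1 else built[0]]
    # Calls, attribute access, lambdas, etc. are never part of a type name.
    raise ValueError(f"unsupported syntax: {type(node).__name__}")


def resolve_field_type(field_type: str):
    """Hardened form: parse only, never execute, and allow-list every name."""
    if not isinstance(field_type, str) or len(field_type) > MAX_LEN:
        raise ValueError("field_type must be a short string")
    try:
        tree = ast.parse(field_type.strip(), mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a type expression") from exc
    return _build(tree.body)
```

Anything that is not a bare allow-listed name or a `list[...]`/`dict[...]` parameterisation raises `ValueError` before any code runs.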
Added: May 3, 2026, 11:25 AM
Updated: May 3, 2026, 11:25 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 7.5
remediation: 0.0
relevance: 5.1
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
