CVE-2026-35002

UNKNOWN 0.0

Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

CWE	CWE-95
Vendor	agno
Product	agno
Published	Apr 2, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for agno agno

Be the first to know when new unknown vulnerabilities affecting agno agno are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Agno / Agno

0 < 2.3.24 cbf675521d4d2281925a051784a3b94172e56416

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/agno-agi/agno/releases/tag/v2.3.24 github.com: https://github.com/agno-agi/agno/commit/cbf675521d4d2281925a051784a3b94172e56416 vulncheck.com: https://www.vulncheck.com/advisories/agno-field-type-eval-injection-arbitrary-code-execution

Credits

Eran Shimony, Palo Alto Networks