CVE-2026-35002 PUBLISHED

Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

Assigner: VulnCheck
Reserved: 31.03.2026 Published: 02.04.2026 Updated: 02.04.2026

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Agno
Product	Agno
Versions	Default: unaffected affected from 0 to 2.3.24 (excl.) Version cbf675521d4d2281925a051784a3b94172e56416 is affected

Credits

Eran Shimony, Palo Alto Networks finder

References

Problem Types

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') CWE