Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/agno@2.2.4

Type pypi

Namespace

Name agno

Version 2.2.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.24

Latest_non_vulnerable_version 2.3.24

Affected_by_vulnerabilities

url VCID-zvsk-3s1f-tke3

vulnerability_id VCID-zvsk-3s1f-tke3

summary

Agno is vulnerable to Eval Injection
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-35002

reference_id

reference_type

scores

value	0.00146
scoring_system	epss
scoring_elements	0.34808
published_at	2026-06-06T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.34737
published_at	2026-06-08T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.34772
published_at	2026-06-07T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.34792
published_at	2026-06-05T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.35706
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-35002

reference_url

https://github.com/agno-agi/agno

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/agno-agi/agno

reference_url

https://github.com/agno-agi/agno/commit/cbf675521d4d2281925a051784a3b94172e56416

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:23:11Z/

url

https://github.com/agno-agi/agno/commit/cbf675521d4d2281925a051784a3b94172e56416

reference_url

https://github.com/agno-agi/agno/releases/tag/v2.3.24

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:23:11Z/

url

https://github.com/agno-agi/agno/releases/tag/v2.3.24

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-35002

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-35002

reference_url

https://www.vulncheck.com/advisories/agno-field-type-eval-injection-arbitrary-code-execution

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:23:11Z/

url

https://www.vulncheck.com/advisories/agno-field-type-eval-injection-arbitrary-code-execution

reference_url

https://github.com/advisories/GHSA-77rh-m34w-rv36

reference_id

GHSA-77rh-m34w-rv36

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-77rh-m34w-rv36

fixed_packages

url	pkg:pypi/agno@2.3.24
purl	pkg:pypi/agno@2.3.24
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/agno@2.3.24

aliases CVE-2026-35002, GHSA-77rh-m34w-rv36

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvsk-3s1f-tke3

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/agno@2.2.4

Package Instance