Cyber Posture

CVE-2026-35002

Critical · Public PoC

Published: 02 April 2026

Modified: 16 April 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0043 (62.3rd percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Directly requires validation of the field_type parameter to block malicious Python code injection into the eval() function.

prevent: Ensures timely identification, reporting, and patching of the arbitrary code execution flaw as fixed in Agno 2.3.24.

detect: Provides vulnerability scanning to detect the field_type eval injection vulnerability for prioritization and remediation.

Security Summary · AI

CVE-2026-35002 is an arbitrary code execution vulnerability (CWE-95) in Agno versions prior to 2.3.24. The flaw exists in the model execution component, where the field_type parameter passed in a FunctionCall is directly evaluated using Python's eval() function, enabling attackers to inject and execute arbitrary Python code.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity: network accessibility, low attack complexity, and no requirement for privileges or user interaction. Unauthenticated remote attackers can exploit it by manipulating the field_type value in a FunctionCall, achieving full remote code execution on the target system with high impact on confidentiality, integrity, and availability.

Mitigation is addressed in Agno version 2.3.24, as evidenced by the release tag and the associated fixing commit. Further technical details on the field_type eval injection and exploitation are available in the VulnCheck advisory.
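The eval()-on-field_type pattern the summary describes, placed beside an allowlist resolver that removes it, as an added Python illustration. This is not Agno's code: the function names, the FIELD_TYPES allowlist, the FunctionCall dict shape and the sample calls are assumptions constructed for this example.

```python
from typing import Any

# Hypothetical allowlist (assumed for this example): the only type names a
# tool/function schema is permitted to carry in field_type.
FIELD_TYPES: dict[str, Any] = {
    "str": str,
    "int": int,
    "float": float,
    "bool": bool,
    "list": list,
    "dict": dict,
}


def resolve_field_type_unsafe(field_type: str) -> Any:
    """Vulnerable pattern (CWE-95): the caller-controlled string is evaluated
    as Python. It 'works' for "int", but equally evaluates any expression."""
    return eval(field_type)  # noqa: S307  (kept only to contrast with the fix)


def resolve_field_type(field_type: str) -> Any:
    """Hardened pattern: exact lookup in a fixed allowlist; nothing is evaluated.

    Surrounding whitespace is stripped; no other normalisation is done, so
    anything that is not literally a permitted type name is rejected."""
    if not isinstance(field_type, str):
        raise TypeError("field_type must be a string")
    try:
        return FIELD_TYPES[field_type.strip()]
    except KeyError:
        raise ValueError(f"unsupported field_type: {field_type!r}") from None


def resolve_function_call(call: dict[str, Any]) -> dict[str, Any]:
    """Resolve every parameter's field_type in a FunctionCall-like dict
    (constructed shape, assumed here) with the safe resolver.
    Returns {param_name: python_type}; raises on the first bad field_type."""
    resolved: dict[str, Any] = {}
    for name, spec in call.get("parameters", {}).items():
        resolved[name] = resolve_field_type(spec["field_type"])
    return resolved


def audit_function_call(call: dict[str, Any]) -> list[str]:
    """Non-raising variant for logging and detection: return the names of
    parameters whose field_type the allowlist would reject."""
    rejected: list[str] = []
    for name, spec in call.get("parameters", {}).items():
        try:
            resolve_field_type(spec.get("field_type", ""))
        except (TypeError, ValueError):
            rejected.append(name)
    return rejected


# Constructed samples: a benign call, and one carrying an expression instead
# of a type name. "1 + 1" is harmless, but it is enough to show that eval()
# executes it while the allowlist refuses it.
GOOD_CALL = {
    "name": "lookup",
    "parameters": {"query": {"field_type": "str"}, "limit": {"field_type": "int"}},
}
BAD_CALL = {
    "name": "lookup",
    "parameters": {"query": {"field_type": "str"}, "limit": {"field_type": "1 + 1"}},
}

if __name__ == "__main__":
    print(resolve_function_call(GOOD_CALL))   # {'query': <class 'str'>, 'limit': <class 'int'>}
    print(resolve_field_type_unsafe("1 + 1"))  # 2: eval() ran an expression
    print(audit_function_call(BAD_CALL))       # ['limit']
```

The design point is that a type name coming from a FunctionCall is data, not code: a dictionary lookup yields exactly the permitted Python types and nothing else, and the non-raising audit variant gives an operator something to log when a schema arrives with a field_type that would have been handed to eval() in the vulnerable versions.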

Details

CWE(s)

Affected Products

agno / agno: ≤ 2.3.24

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.006 Python (Execution): Adversaries may abuse Python commands and scripts for execution.

Why these techniques?

The CVE enables unauthenticated remote code execution in a public-facing application via Python eval() injection, which maps directly to exploitation of public-facing applications and abuse of the Python interpreter.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References