Critical severity 9.8 (NVD) · Advisory · Published Apr 2, 2026 · Updated Apr 16, 2026
CVE-2026-35002
Description
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component. The field_type value of each entry in a FunctionCall's user_input_fields arguments is passed as a string to eval(), so an attacker who can influence that value can execute arbitrary Python code and achieve remote code execution.
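As an added example (not Agno's own code), a resolver for the field_type value described above that follows the same allowlist approach as the fix, with two additions: it reports whether the value was recognised so unknown names can be logged, and it only accepts type objects that are themselves on the allowlist. `FIELD_TYPE_MAPPING`, `resolve_field_type`, `parse_user_input_fields` and the sample arguments are hypothetical names constructed here.

```python
import logging
from typing import Any, Dict, List, Tuple

log = logging.getLogger(__name__)

# Allowlist of type names; any other value is treated as data, never as code.
FIELD_TYPE_MAPPING: Dict[str, type] = {
    "str": str, "int": int, "float": float,
    "bool": bool, "list": list, "dict": dict,
}

def resolve_field_type(raw: Any) -> Tuple[type, bool]:
    """Map an untrusted field_type value to (python_type, was_valid).
    Unknown strings fall back to str as in the patched Agno code, but the
    caller is told the name was not recognised so it can log or reject it.
    """
    if isinstance(raw, str):
        resolved = FIELD_TYPE_MAPPING.get(raw)
        return (resolved, True) if resolved is not None else (str, False)
    # Stricter than the patch: a type object must also be on the allowlist.
    if isinstance(raw, type) and raw in FIELD_TYPE_MAPPING.values():
        return raw, True
    return str, False

def parse_user_input_fields(arguments: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Build the user-input schema from a tool call's arguments, without eval()."""
    schema: List[Dict[str, Any]] = []
    for input_field in arguments.get("user_input_fields", []):
        raw_type = input_field.get("field_type")
        python_type, ok = resolve_field_type(raw_type)
        if not ok:
            # A well-formed tool call only uses allowlisted names; anything
            # else is worth surfacing in logs rather than silently accepting.
            log.warning("unrecognised field_type %r; defaulting to str", raw_type)
        schema.append({
            "name": input_field.get("field_name"),
            "type": python_type,
            "description": input_field.get("description"),
        })
    return schema

# Constructed sample: one valid field and one whose field_type is a call
# expression rather than a type name. It is mapped to str, not executed.
SAMPLE_ARGUMENTS: Dict[str, Any] = {
    "user_input_fields": [
        {"field_name": "age", "field_type": "int", "description": "Age"},
        {"field_name": "note", "field_type": "str()", "description": "Note"},
    ]
}
```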
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| agno (PyPI) | < 2.3.24 | 2.3.24 |
Affected products
Patches (1)
- cbf675521d4d: fix: replace eval() with type mapping [SDK-417] (#5912)
  2 files changed · +37 −9
libs/agno/agno/models/base.py+28 −8 modified@@ -2030,10 +2030,20 @@ def run_function_calls( user_input_schema = [] for input_field in fc.arguments.get("user_input_fields", []): field_type = input_field.get("field_type") - try: - python_type = eval(field_type) if isinstance(field_type, str) else field_type - except (NameError, SyntaxError): - python_type = str # Default to str if type is invalid + if isinstance(field_type, str): + type_mapping = { + "str": str, + "int": int, + "float": float, + "bool": bool, + "list": list, + "dict": dict, + } + python_type = type_mapping.get(field_type, str) + elif isinstance(field_type, type): + python_type = field_type + else: + python_type = str user_input_schema.append( UserInputField( name=input_field.get("field_name"), @@ -2185,10 +2195,20 @@ async def arun_function_calls( user_input_schema = [] for input_field in fc.arguments.get("user_input_fields", []): field_type = input_field.get("field_type") - try: - python_type = eval(field_type) if isinstance(field_type, str) else field_type - except (NameError, SyntaxError): - python_type = str # Default to str if type is invalid + if isinstance(field_type, str): + type_mapping = { + "str": str, + "int": int, + "float": float, + "bool": bool, + "list": list, + "dict": dict, + } + python_type = type_mapping.get(field_type, str) + elif isinstance(field_type, type): + python_type = field_type + else: + python_type = str user_input_schema.append( UserInputField( name=input_field.get("field_name"),
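Review bot: in the run_function_calls hunk the type_mapping dict is rebuilt on every iteration of the for input_field loop; hoist it to a module-level constant, ideally one shared with UserInputField.from_dict in libs/agno/agno/tools/function.py, which defines the same six entries, so the copies cannot drift apart. Also worth a changelog line: type_mapping.get(field_type, str) silently maps any name outside these six (for example a typing alias the old eval() call would have resolved) to str, which is the right safe default but is a behaviour change for callers that relied on other names.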
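Review bot: the arun_function_calls hunk is a verbatim copy of the sync one, inline type_mapping included; factor the isinstance(field_type, str) / isinstance(field_type, type) / else ladder into a small helper (say _resolve_field_type, a suggested name) called from both paths so a future fix only has to land once. The elif isinstance(field_type, type) branch also accepts any type object; it cannot arrive from JSON tool arguments, but if callers pass types programmatically consider restricting it to the allowlisted values as well.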
libs/agno/agno/tools/function.py+9 −1 modified@@ -54,9 +54,17 @@ def to_dict(self) -> Dict[str, Any]: @classmethod def from_dict(cls, data: Dict[str, Any]) -> "UserInputField": + type_mapping = {"str": str, "int": int, "float": float, "bool": bool, "list": list, "dict": dict} + field_type_raw = data["field_type"] + if isinstance(field_type_raw, str): + field_type = type_mapping.get(field_type_raw, str) + elif isinstance(field_type_raw, type): + field_type = field_type_raw + else: + field_type = str return cls( name=data["name"], - field_type=eval(data["field_type"]), # Convert string type name to actual type + field_type=field_type, description=data["description"], value=data["value"], )
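Review bot: from_dict reads data["field_type"] with a bare subscript, so a missing key raises KeyError, whereas the base.py hunks use input_field.get("field_type") and fall back to str; pick one behaviour for missing values and apply it in both places. The type_mapping literal here is the third copy of the same six-entry dict; define it once at module level in function.py and import it in base.py. Dropping the "# Convert string type name to actual type" comment is fine, but a one-line note that only allowlisted names are accepted would document the security intent for the next reader.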
References (5)
- github.com/agno-agi/agno/commit/cbf675521d4d2281925a051784a3b94172e56416 (nvd; Patch, WEB)
- github.com/advisories/GHSA-77rh-m34w-rv36 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-35002 (ghsa; ADVISORY)
- www.vulncheck.com/advisories/agno-field-type-eval-injection-arbitrary-code-execution (nvd; Third Party Advisory, WEB)
- github.com/agno-agi/agno/releases/tag/v2.3.24 (nvd; Product, WEB)