VYPR
Vendor

Agno

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2026-35002CriApr 2, 2026
    risk 0.57cvss 9.8epss 0.01

    Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a…

  • CVE-2026-10105HigMay 29, 2026
    risk 0.47cvss 8.3epss 0.00

    agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata() method. Attackers can exploit the unsafe f-string…

  • CVE-2025-8665MedAug 6, 2025
    risk 0.41cvss 6.3epss 0.02

    A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument…

  • CVE-2025-64168HigOct 31, 2025
    risk 0.39cvss 7.1epss 0.00

    Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the…