Cyber Posture

CVE-2026-35002

Critical · Public PoC · RCE

Published: 02 April 2026
Modified: 16 April 2026
KEV Added: not listed
Patch: Agno 2.3.24
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0043 (62.4th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-35002 is a critical-severity Eval Injection (CWE-95) vulnerability in Agno, by the vendor Agno. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Python (T1059.006). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5), AI-generated

prevent: SI-10 (Information Input Validation). Directly requires validation of the field_type parameter to block malicious Python code injection into the eval() function.

prevent: Ensures timely identification, reporting, and patching of the arbitrary code execution flaw, as fixed in Agno 2.3.24.

detect: RA-5 (Vulnerability Monitoring and Scanning). Provides vulnerability scanning to detect the field_type eval injection vulnerability for prioritization and remediation.

MITRE ATT&CK Enterprise Techniques, AI-generated

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.006 Python (Execution)
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

The CVE enables unauthenticated remote code execution in a public-facing application via Python eval() injection, which maps directly to exploitation of public-facing applications and abuse of the Python interpreter.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

Deeper analysis, AI-generated

CVE-2026-35002 is an arbitrary code execution vulnerability (CWE-95) in Agno versions prior to 2.3.24. The flaw exists in the model execution component, where the field_type parameter passed in a FunctionCall is directly evaluated using Python's eval() function, enabling attackers to inject and execute arbitrary Python code.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, and no requirements for privileges or user interaction. Unauthenticated remote attackers can exploit it by manipulating the field_type value in a FunctionCall, achieving full remote code execution on the target system with high impacts to confidentiality, integrity, and availability.

Mitigation is addressed in Agno version 2.3.24, as evidenced by the release tag and the associated fixing commit. Further technical details on the field_type eval injection and exploitation are available in the VulnCheck advisory.
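The weak pattern the advisory describes, a caller-controlled field_type string resolved to a Python type with eval(), shown beside an allowlist lookup that resolves the same field without interpreting anything. This is an added example written for this page, not Agno's own code: the FunctionCall class, both resolver functions and the sample inputs are constructed assumptions.

```python
# Added example for this page, not Agno's own code: a caller-controlled
# field_type string resolved to a Python type, first via eval() (the CWE-95
# pattern the advisory describes) and then via an allowlist lookup.
# FunctionCall, both resolver functions and the sample inputs are constructed.
from dataclasses import dataclass
from typing import Any, Dict


@dataclass
class FunctionCall:
    """Constructed stand-in for a function call carrying field metadata."""
    name: str
    field_type: str  # caller-controlled text such as "int"


def resolve_field_type_unsafe(call: FunctionCall) -> Any:
    """Weak pattern: the untrusted string is executed as Python (CWE-95)."""
    return eval(call.field_type)  # deliberately vulnerable for illustration


# Hardened pattern: known names map to types; nothing is ever evaluated.
ALLOWED_FIELD_TYPES: Dict[str, type] = {
    "str": str, "int": int, "float": float,
    "bool": bool, "list": list, "dict": dict,
}


def resolve_field_type_safe(call: FunctionCall) -> type:
    """Allowlist lookup; unknown or expression-like values are rejected."""
    try:
        return ALLOWED_FIELD_TYPES[call.field_type.strip()]
    except KeyError:
        raise ValueError(f"unsupported field_type: {call.field_type!r}") from None


if __name__ == "__main__":
    good = FunctionCall("lookup", "int")
    odd = FunctionCall("lookup", "1 + 1")  # constructed: an expression, not a type name
    print(resolve_field_type_unsafe(good))  # <class 'int'>
    print(resolve_field_type_unsafe(odd))   # 2: the string was executed
    print(resolve_field_type_safe(good))    # <class 'int'>
    try:
        resolve_field_type_safe(odd)
    except ValueError as exc:
        print("rejected:", exc)
```

The contrast is the whole point: the eval() resolver happily returns 2 for a value that is not a type name, while the allowlist version raises on anything outside the fixed table.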

Details

CWE(s): CWE-95 (Eval Injection)

Affected Products

Vendor: agno
Product: agno
Versions: ≤ 2.3.24

CVEs Like This One

CVE-2025-0868 (shared CWE-95)
CVE-2026-28370 (shared CWE-95)
CVE-2025-8420 (shared CWE-95)
CVE-2024-10633 (shared CWE-95)
CVE-2026-5971 (shared CWE-95)
CVE-2025-50187 (shared CWE-95)
CVE-2026-28505 (shared CWE-95)
CVE-2026-33618 (shared CWE-95)
CVE-2025-54322 (shared CWE-95)
CVE-2026-29091 (shared CWE-95)

References