CVE-2026-35002 | Agno up to 2.3.23 Parameter eval field_type eval injection

Inserito da Angelo Barbosa | Apr 2, 2026 | CVE

A vulnerability identified as critical has been detected in Agno up to 2.3.23. Affected is the function eval of the component Parameter Handler. The manipulation of the argument field_type leads to improper neutralization of directives in dynamically evaluated code.

This vulnerability is documented as CVE-2026-35002. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-35002 | Agno up to 2.3.23 Parameter eval field_type eval injection

Post correlati

CVE-2025-58152 | Century Systems FutureNet MA-X HTTP Request file access

CVE-2024-51761 | Zack Gilbert & Paul Jarvis WPHelpful Plugin up to 1.2.4 on WordPress cross site scripting

CVE-2025-4762 | Lleidanet PKI eSigna up to 5.4.0 SignaViewer Component authorization

CVE-2024-10176 | Compact WP Audio Player Plugin up to 1.9.13 on WordPress Shortcode sc_embed_player cross site scripting