CVE-2026-10105

Summary

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata() method. Attackers can exploit the unsafe f-string interpolation in clickhousedb.py to delete all rows, target specific rows, or extract information through error-based or blind SQL injection techniques.

Affected Software

VendorProductVersion RangeStatus
agno-agiagno0 <= 2.6.5affected
agno-agiagno0 <= 26a7439b803c0ccc9a58ee53572d8088a678923faffected
agno-agiagno0 <= a0ec99305e782e68ba26f5966c53ad50b5f40132affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References