CNNVD-202508-609 Information
CNNVD ID
CNNVD-202508-609
Related CVE
- CNNVD Published: 2025-08-06
Description (Chinese)
agno是Agno开源的一个用于构建具有内存、知识和推理的多智能体系统的全栈框架。 agno 1.7.5及之前版本存在命令注入漏洞,该漏洞源于Model Context Protocol Handler组件中MCPTools/MultiMCPTools函数对参数command的错误操作,可能导致os命令注入。
Description (English)
Agno is an all-brand framework for the construction of multi-intelligence systems with memory, knowledge and reasoning. Agno 1.7.5 and previous versions have command-injecting holes that stem from the error of the MCPTools/MultiMCPTools function in the Model Context Protocol Handler component to the parameter command.
Hazard Level
High
Vulnerability Type
命令注入
Affected Vendor
Agno
Published
2025-08-06
Last Modified
2026-02-24
References
https://github.com/bayuncao-bit/vul-30 https://github.com/bayuncao-bit/vul-30#proof-of-concept https://vuldb.com/?ctiid.319025 https://vuldb.com/?id.319025 https://vuldb.com/?submit.620530
Patch
https://github.com/agno-agi/agno/releases
Share on: