CNNVD-202510-4422 Information

CNNVD ID

CNNVD-202510-4422

Related CVE

CVE-2025-64168

• CNNVD Published: 2025-10-31

Description (Chinese)

agno是Agno开源的一个用于构建具有内存、知识和推理的多智能体系统的全栈框架。 agno 2.0.0版本至2.2.2之前版本存在安全漏洞，该漏洞源于高并发环境下session_state传递时存在竞争条件，可能导致用户会话数据泄露。

Description (English)

Agno is an all-brand framework for the construction of multi-intelligence systems with memory, knowledge and reasoning. There is a security loophole in the pre-versions of Agno 2.0.0 to 2.2.2, which stems from competitive conditions at the time of transmission of a session state in a high-coming environment, which may lead to the leakage of user session data.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Agno

Published

2025-10-31

Last Modified

2026-02-24

References

https://github.com/agno-agi/agno/security/advisories/GHSA-vw84-hprm-cxmm

Patch

https://github.com/agno-agi/agno/releases