Description
agno through 2.6.5 contains a SQL injection vulnerability in its ClickHouse vector database backend (clickhousedb.py). The delete_by_metadata() method builds its DELETE statement by f-string interpolation of caller-supplied metadata keys and values, so an attacker who controls that metadata can inject arbitrary SQL expressions: delete all rows, target specific rows, or extract information through error-based or blind SQL injection.
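The following is an added illustration of the vulnerable pattern described above beside a hardened version. It is not agno's code and not the fix from the referenced pull request: the table name vector_docs, the column name meta, the function names and the attacker input are all constructed for the example. The hardened form validates keys and binds values with ClickHouse's server-side {name:Type} parameter syntax, so the attacker-controlled text never becomes part of the SQL statement.

```python
import re
from typing import Any, Dict, Tuple

# Hypothetical table and JSON metadata column; not agno's schema.
TABLE = "vector_docs"

# Constructed attacker input: the value closes the quoted literal and appends
# an always-true predicate, turning a targeted DELETE into a full-table DELETE.
MALICIOUS = {"source": "x' OR 1=1 OR '1'='1"}


def vulnerable_delete_sql(metadata: Dict[str, Any]) -> str:
    """Vulnerable pattern: key and value are interpolated straight into the SQL text."""
    conditions = [
        f"JSONExtractString(meta, '{key}') = '{value}'" for key, value in metadata.items()
    ]
    return f"ALTER TABLE {TABLE} DELETE WHERE {' AND '.join(conditions)}"


# Only plain identifiers are accepted as metadata keys (belt and braces; the key is
# also bound as a parameter below, so it can never break out of the statement).
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def safe_delete_sql(metadata: Dict[str, Any]) -> Tuple[str, Dict[str, str]]:
    """Hardened pattern: returns the statement with {name:String} placeholders plus
    the parameter dict to pass alongside it, e.g. clickhouse-connect's
    client.command(sql, parameters=params). Refuses an empty filter so a caller
    can never produce an unconditional DELETE by mistake."""
    if not metadata:
        raise ValueError("refusing to build an unconditional DELETE")
    conditions = []
    params: Dict[str, str] = {}
    for i, (key, value) in enumerate(metadata.items()):
        if not _IDENT.match(key):
            raise ValueError(f"invalid metadata key: {key!r}")
        k, v = f"k{i}", f"v{i}"
        params[k] = key
        params[v] = str(value)
        # Doubled braces emit literal {k0:String} / {v0:String} placeholders.
        conditions.append(f"JSONExtractString(meta, {{{k}:String}}) = {{{v}:String}}")
    return f"ALTER TABLE {TABLE} DELETE WHERE {' AND '.join(conditions)}", params


def key_is_rejected(key: str) -> bool:
    """True if the hardened builder refuses the given metadata key."""
    try:
        safe_delete_sql({key: "v"})
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", vulnerable_delete_sql(MALICIOUS))
    sql, params = safe_delete_sql(MALICIOUS)
    print("hardened:  ", sql)
    print("parameters:", params)
```

Run stand-alone, the vulnerable builder prints a statement whose WHERE clause ends in `OR 1=1 OR '1'='1'`, which ClickHouse would evaluate as true for every row; the hardened builder prints only placeholders, with the hostile string confined to the parameter dict where the server treats it as a literal value.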
CVSS breakdown
CVSS 4.0
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None
Confidentiality (Vulnerable System): High
Integrity (Vulnerable System): High
Availability (Vulnerable System): Low
Confidentiality (Subsequent System): None
Integrity (Subsequent System): None
Availability (Subsequent System): None
CVSS 3.1
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: Low
Affected products
- agno-agi / agno: 0 – 2.6.5
- agno-agi / agno: 0 – 26a7439b803c0ccc9a58ee53572d8088a678923f
- agno-agi / agno: 0 – a0ec99305e782e68ba26f5966c53ad50b5f40132
References
- MISC: https://github.com/agno-agi/agno/issues/7866
- PATCH: https://github.com/agno-agi/agno/pull/7883
- PATCH: https://github.com/agno-agi/agno/pull/7883/changes/26a7439b803c0ccc9a58ee53572d8088a678923f
- PATCH: https://github.com/agno-agi/agno/pull/7883/changes/a0ec99305e782e68ba26f5966c53ad50b5f40132
- VENDOR_ADVISORY: https://www.vulncheck.com/advisories/agno-sql-injection-via-clickhouse-delete-by-metadata