


Perceptive Security
SOC/SIEM Consultancy

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplyi…
Published: 28 May 2026 at 22:00:00
Alert date: 29 May 2026 at 19:07:04
Source: nvd.nist.gov
Database & Storage, Web Technologies
Agno version 2.6.5 contains a critical SQL injection vulnerability in its ClickHouse vector database backend. The vulnerability exists in the delete_by_metadata() method, where attackers can inject arbitrary SQL expressions through malicious metadata keys and values. The root cause is unsafe f-string interpolation in the clickhousedb.py file. This vulnerability allows attackers to delete all database rows, target specific rows for deletion, or extract sensitive information through error-based or blind SQL injection techniques. The vulnerability has been documented with associated GitHub issues and pull requests for remediation.
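The f-string pattern described above, next to a hardened builder, as an added illustration that is not agno's code. The table name, the `metadata` JSON column, the use of `JSONExtractString` and both function names are assumptions, and the sample inputs are constructed.

```python
import re
from typing import Dict, Tuple

# Hypothetical table/column names; agno's real schema is not shown on this page.
TABLE = "vectors"
KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")


def unsafe_delete_sql(metadata: Dict[str, str]) -> str:
    """The vulnerable pattern: keys and values are pasted into the SQL text."""
    conds = [f"JSONExtractString(metadata, '{k}') = '{v}'" for k, v in metadata.items()]
    return f"ALTER TABLE {TABLE} DELETE WHERE " + " AND ".join(conds)


def safe_delete_sql(metadata: Dict[str, str]) -> Tuple[str, Dict[str, str]]:
    """Hardened form: key shape is allowlisted, keys and values are bound parameters."""
    if not metadata:
        # An empty filter must never degrade into "delete everything".
        raise ValueError("refusing to delete with an empty metadata filter")
    conds, params = [], {}
    for i, (key, value) in enumerate(metadata.items()):
        if not isinstance(key, str) or not KEY_RE.fullmatch(key):
            raise ValueError(f"invalid metadata key: {key!r}")
        if not isinstance(value, str):
            raise ValueError(f"unsupported value type for {key!r}")
        # ClickHouse query-parameter placeholders have the form {name:Type}.
        # The SQL text holds only fixed tokens; user data travels in params.
        conds.append(f"JSONExtractString(metadata, {{k{i}:String}}) = {{v{i}:String}}")
        params[f"k{i}"] = key
        params[f"v{i}"] = value
    return f"ALTER TABLE {TABLE} DELETE WHERE " + " AND ".join(conds), params


# Constructed inputs: an ordinary filter and one whose value contains quotes.
BENIGN = {"source": "handbook.pdf"}
QUOTED = {"source": "x' OR '1'='1"}

if __name__ == "__main__":
    print(unsafe_delete_sql(QUOTED))  # predicate text is altered by the value
    print(safe_delete_sql(QUOTED))    # SQL text is fixed; value stays data
```

The statement and parameter dictionary returned by `safe_delete_sql` are meant to be passed together to a ClickHouse client that supports server-side parameter binding, so the driver never re-interpolates the values into the query text.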
Technical details
Affected products:
agno 2.6.5
ClickHouse
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-10105
https://github.com/agno-agi/agno/issues/7866
https://github.com/agno-agi/agno/pull/7883
https://github.com/agno-agi/agno/pull/7883/changes/26a7439b803c0ccc9a58ee53572d8088a678923f
https://github.com/agno-agi/agno/pull/7883/changes/a0ec99305e782e68ba26f5966c53ad50b5f40132
https://www.vulncheck.com/advisories/agno-sql-injection-via-clickhouse-delete-by-metadata
This article was created with the assistance of AI technology by Perceptive.
