CVE-2026-10105

Description

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata() method. Attackers can exploit the unsafe f-string interpolation in clickhousedb.py to delete all rows, target specific rows, or extract information through error-based or blind SQL injection techniques.

Scoring

CVSS: 8.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS: 0.31% probability of exploitation · percentile 22.4% · 2026-06-19T12:03:05Z
Last modified: 2026-06-02

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-35002
CVE-2025-1520
CVE-2026-0603
CVE-2026-3172
CVE-2026-10607
CVE-2026-24977
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.