CVE-2026-27952
中文标题:
(暂无数据)
英文标题:
Agenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE)
漏洞描述
中文描述:
(暂无数据)
英文描述:
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. Agenta used RestrictedPython as a sandboxing mechanism for user-supplied evaluator code, but incorrectly whitelisted the `numpy` package as safe within the sandbox. This allowed authenticated users to bypass the sandbox and achieve arbitrary code execution on the API server. The escape path was through `numpy.ma.core.inspect`, which exposes Python's introspection utilities — including `sys.modules` — thereby providing access to unfiltered system-level functionality like `os.system`. This vulnerability affects the Agenta self-hosted platform (API server), not the SDK when used as a standalone Python library. The custom code evaluator runs server-side within the API process. The issue is fixed in v0.48.1 by removing `numpy` from the sandbox allowlist. In later versions (v0.60+), the RestrictedPython sandbox was removed entirely and replaced with a different execution model.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Agenta-AI | agenta-api | < 0.48.1 | - | - |
cpe:2.3:a:agenta-ai:agenta-api:<_0.48.1:*:*:*:*:*:*:*
|
| agentatech | agenta | * | - | - |
cpe:2.3:a:agentatech:agenta:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2026-27952 |
2026-02-26 03:19:54 | 2026-02-25 22:00:02 |
| NVD | nvd_CVE-2026-27952 |
2026-02-27 02:00:05 | 2026-02-26 22:00:03 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 1 -> 2
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']