Platform: python
Component: agenta-api
Fixed in: 0.48.2, 0.48.1
CVE-2026-27952 describes a Python sandbox escape vulnerability found in Agenta API versions prior to 0.48.1. This flaw allows authenticated users to bypass the intended security restrictions and execute arbitrary code on the API server. The vulnerability stems from an incorrect configuration of the RestrictedPython sandboxing mechanism, which is used to evaluate user-supplied code. A fix is available in version 0.48.1.
An attacker exploiting this vulnerability could gain complete control over the Agenta API server. By injecting malicious code through the evaluator, they could execute arbitrary commands, access sensitive data, and potentially compromise the entire system. The attack path leverages numpy.ma.core.inspect, which exposes Python's introspection utilities and provides access to unfiltered modules. This effectively bypasses the intended sandboxing, allowing for unrestricted code execution. The potential impact includes data breaches, system takeover, and denial of service.
CVE-2026-27952 was publicly disclosed on 2026-02-26. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog. The ease of exploitation is considered moderate due to the requirement for authenticated access and some familiarity with Python and the Agenta API.
Exploit Status
EPSS: 0.09% (25th percentile)
The primary mitigation for CVE-2026-27952 is to immediately upgrade Agenta API to version 0.48.1 or later. If upgrading is not immediately feasible, consider implementing stricter input validation and sanitization for any user-supplied code passed to the evaluator. While a direct workaround is not available, limiting network access to the Agenta API server can reduce the potential blast radius of a successful exploit. Review and audit all custom code evaluators for similar misconfigurations.
Update Agenta-API to version 0.48.1 or higher. This version fixes the Python sandbox escape vulnerability by removing the `numpy` package from the allowlist. Alternatively, consider updating to version 0.60 or higher, where the RestrictedPython sandbox was replaced with a different execution model.
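One way to audit an evaluator's import allowlist for the misconfiguration described above, as an added example (not Agenta's code): it walks the public attributes of an allowlisted package and reports every module reachable through them that is not itself allowlisted. The package `samplepkg` is constructed for the example, and the rule that underscore-prefixed names are unreachable from sandboxed code is an assumption about the sandbox's guards.

```python
import inspect
import sys
import types
from collections import deque


def exposed_modules(root, allowlist, max_depth=6):
    """Return sorted (attribute_path, module_name) pairs for every module that is
    reachable from `root` via public attributes but is not covered by `allowlist`."""
    findings = set()
    seen = {id(root)}
    queue = deque([(root.__name__, root, 0)])
    while queue:
        path, mod, depth = queue.popleft()
        for name, value in vars(mod).items():
            # Assumption: the sandbox rejects names starting with "_",
            # so only public attributes are reachable from guest code.
            if name.startswith("_") or not isinstance(value, types.ModuleType):
                continue
            child_path = f"{path}.{name}"
            top_level = value.__name__.split(".")[0]
            if top_level not in allowlist:
                # The attribute leaves the allowlist: report it, do not descend.
                findings.add((child_path, value.__name__))
            elif id(value) not in seen and depth < max_depth:
                seen.add(id(value))
                queue.append((child_path, value, depth + 1))
    return sorted(findings)


def build_sample_package():
    """Constructed stand-in with the same shape as the path named in the advisory:
    a submodule that did a plain `import inspect` at module level."""
    pkg = types.ModuleType("samplepkg")
    ma = types.ModuleType("samplepkg.ma")
    core = types.ModuleType("samplepkg.ma.core")
    core.inspect = inspect   # public name, reachable from guest code
    core._sys = sys          # private name, ignored under the assumption above
    ma.core = core
    pkg.ma = ma
    return pkg


if __name__ == "__main__":
    for path, target in exposed_modules(build_sample_package(), {"samplepkg"}):
        print(f"{path} -> {target}")
```

To audit a real deployment, import each package on the evaluator's allowlist and pass it in together with the full set of allowlisted top-level names; any finding is a module the sandbox exposes without having approved it.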
CVE-2026-27952 is a HIGH severity vulnerability in Agenta API versions ≤ 0.48.1 that allows authenticated users to bypass the code sandbox and execute arbitrary code on the server due to an incorrect numpy package whitelisting.
If you are running Agenta API versions prior to 0.48.1, you are affected by this vulnerability. Assess your deployments immediately.
Upgrade Agenta API to version 0.48.1 or later to remediate the vulnerability. If upgrading is not immediately possible, implement stricter input validation and restrict network access.
As of the current disclosure date, there are no known public exploits or active campaigns targeting CVE-2026-27952, but vigilance is advised.
Refer to the official Agenta project documentation and security advisories for the most up-to-date information regarding CVE-2026-27952.