agno is vulnerable to Exposure of Sensitive Information
59
Medium Risk
The CustomApiTools toolkit in agno.tools.api unconditionally attached the configured Authorization: Bearer <api_key> header to every request whenever an api_key was set. When base_url was left unset, the caller-supplied endpoint was used verbatim as the full request URL, so a model- or prompt-influenced endpoint could direct the request to an attacker-controlled host while still carrying the secret API key, exfiltrating the credential and enabling server-side request forgery. The fix stops attaching the configured API-key authorization header when base_url is unset, while still honoring explicit caller-provided Authorization headers passed to make_request.
You are affected if you are using a version that falls within the vulnerable range and using CustomApiTools with a configured api_key and no base_url.
agno is vulnerable to Exposure of Sensitive Information in versions 1.1.10 - 2.6.20.
Upgrade the agno library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant