CVE•Published 2026-05-29•Modified 2026-06-02•1 article on news•6 live references•NVD data
CVE-2026-10105
Vulnerability data via NVD (ingested)
CVSS v3.1
8.3
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS percentile
—
Weaknesses (CWE)
Description
agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the delete_by_metadata() method. Attackers can exploit the unsafe f-string interpolation in clickhousedb.py to delete all rows, target specific rows, or extract information through error-based or blind SQL injection techniques.
Timeline
Published 2026-05-29
Modified 2026-06-02
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
More intel sources (5)
Shodan report
vuln:CVE-2026-10105Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-10105Censys host search filtered to this CVE id.
grep.app
CVE-2026-10105Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-10105GitHub code search for direct mentions.
Google dork
"CVE-2026-10105" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (4)
CVE-2026-101054 repos
wolfSSL/wolfsslC
The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3! Update to wolfSSL 5.9.1 fo…
Xuchen-Li/cv-arxiv-dailyPython
Automatically update arXiv papers about SOT & VLT, Multi-modal Learning, LLM and Video Understanding using Github Actions.
NiNiyas/awesome-starsunknown
Made with https://github.com/NiNiyas/starred
cmivqa/ro-arxiv-dailyPython
Automatically Update Arxiv Papers Daily using Github Actions (Update Every 8th hours)