CVE-2026-4810— Agent Development Kit 安全漏洞

Remote Code Execution in Google Agent Development Kit (ADK)

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This vulnerability was patched in versions 1.28.1 and 2.0.0a2. Customers need to redeploy the upgraded ADK to their production environments. In addition, if they are running ADK Web locally, they also need to upgrade their local instance.

N/A

关键功能的认证机制缺失

Agent Development Kit 安全漏洞

Agent Development Kit是Google开源的一个构建和部署AI智能体的开发框架。 Agent Development Kit 1.7.0至1.28.1版本和2.0.0a1至2.0.0a2版本存在安全漏洞，该漏洞源于代码注入和缺少身份验证，可能导致未经身份验证的远程攻击者执行任意代码。

N/A

N/A