CVE-2026-4810 is already fixed?

[ftnext]

https://nvd.nist.gov/vuln/detail/CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance.

Which version contains the fix, and which commit introduced it?

[adk-bot]

Response from ADK Answering Agent (experimental, answer may be inaccurate)

TLDR: While I cannot confirm the specifics of CVE-2026-4810, several security fixes have been included in recent versions of ADK Python. Notably, versions 1.30.0 and 1.24.0 contain fixes for credential leakage and path traversal vulnerabilities. A security advisory regarding a LiteLLM supply chain compromise was also issued in March 2026.

---

Hello @ftnext,

Thank you for your question regarding CVE-2026-4810.

While I cannot access external links like the NVD page you provided to get details on the specific vulnerability, I can point you to recent security-related changes in ADK Python based on the project's CHANGELOG.

Recent versions of ADK Python have included several security fixes:

• Version 1.30.0 (2026-04-13):

  • Fixed a credential leakage vulnerability in the Agent Registry.
  • Added validation for user_id and session_id to prevent path traversal.

• Version 1.24.0 (2026-02-04):

  • Made credential key generation stable to prevent cross-user credential leaks.

Additionally, in March 2026, a security advisory was issued concerning a supply chain compromise in LiteLLM, a dependency used in ADK Python's eval and extensions extras. Users were advised to upgrade to the latest version of ADK Python immediately.

It is highly recommended to upgrade to the latest version of ADK Python to ensure you have all the latest security patches. For more detailed information, please review the ADK Python CHANGELOG.

I hope this information is helpful.

---

References:
[1] CHANGELOG

[nimanthadilz]

@ftnext @adk-bot although the nist.gov link says it was patched in 1.28.1, I see the recent release 1.31.1 with a bug fix named "block RCE vulnerability via nested YAML configurations in ADK". This new bug fix could be unrelated to the original vulnerability or not. Appreciate if ADK team can provide more details around this.

[adk-bot]

Response from ADK Answering Agent (experimental, answer may be inaccurate)

TLDR: The fix for the RCE vulnerability related to nested YAML configurations is in ADK Python version 1.31.1. This fix addresses a security issue where the args key in YAML configurations could be used for remote code execution.

---

Hello @ftnext and @nimanthadilz,

Thank you for the follow-up question. I can provide more specific details about the recent RCE fix.

As @nimanthadilz pointed out, version 1.31.1 of ADK Python includes a fix for an RCE (Remote Code Execution) vulnerability. This vulnerability is related to the use of nested YAML configurations. Specifically, the args key within an agent's YAML configuration was identified as a potential vector for RCE. [1]

To address this, a change was introduced to block the upload of any agent configuration that contains the args key. [1] This prevents the exploitation of this particular vulnerability.

Therefore, to answer the original question, while I cannot comment on the specific status of CVE-2026-4810, the RCE vulnerability mentioned in the recent comments is addressed in version 1.31.1. It is highly recommended to upgrade to the latest version of ADK Python to ensure your environment is secure.

I hope this clarifies the situation.

---

References:
[1] https://github.com/google/adk-python/blob/main/src/google/adk/cli/fast_api.py