Skip to content

fix(security): upgrade google-adk minimum version to 1.28.1 (CVE-2026-4810)#93

Merged
adityamehra merged 1 commit into
mainfrom
fix/vuln-88790-upgrade-google-adk-v2
Jul 16, 2026
Merged

fix(security): upgrade google-adk minimum version to 1.28.1 (CVE-2026-4810)#93
adityamehra merged 1 commit into
mainfrom
fix/vuln-88790-upgrade-google-adk-v2

Conversation

@adityamehra

Copy link
Copy Markdown
Member

Summary

  • Bumps the minimum required google-adk version from 1.14.1 to 1.28.1 in splunk-ao-adk/pyproject.toml
  • Updates examples/agent/google-adk/requirements.txt to enforce the same minimum safe version

Security

CVE-2026-4810 (CRITICAL) — Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 through < 1.28.1. Allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance.

  • Affected: google-adk >= 1.7.0, < 1.28.1
  • Remediation: google-adk >= 1.28.1
  • Jira: VULN-88790

Test plan

  • All 252 unit tests in splunk-ao-adk pass against the installed google-adk 1.36.0
  • google.adk.agents.llm_agent.Agent import verified working
  • README OpenAI example verified end-to-end against rc0 Splunk AO environment

Made with Cursor

…-4810)

Bumps the minimum required version of google-adk from 1.14.1 to 1.28.1
to remediate CVE-2026-4810 (CRITICAL) — a Code Injection and Missing
Authentication vulnerability that allows unauthenticated remote code
execution on servers hosting ADK instances.

Resolves: VULN-88790
Co-authored-by: Cursor <cursoragent@cursor.com>
@adityamehra
adityamehra requested a review from fercor-cisco July 16, 2026 21:03
@adityamehra
adityamehra merged commit 3a01ab9 into main Jul 16, 2026
17 checks passed
@adityamehra
adityamehra deleted the fix/vuln-88790-upgrade-google-adk-v2 branch July 16, 2026 21:38
@github-actions github-actions Bot locked and limited conversation to collaborators Jul 16, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants