Plattform
python
Komponente
pydantic-ai
Behoben in
0.0.27
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Pydantic AI, a Python agent framework. This flaw, present in versions 0.0.26 through 1.55.9, allows attackers to manipulate the application into making HTTP requests to internal network resources. The vulnerability is triggered when applications accept message history from untrusted sources, enabling attackers to inject malicious URLs and potentially compromise internal services or access sensitive data.
The SSRF vulnerability in Pydantic AI poses a significant risk to applications that handle user-provided message history. An attacker could craft a malicious URL within this history, causing the Pydantic AI server to send HTTP requests to internal systems. This could lead to unauthorized access to internal APIs, databases, or cloud credentials. The blast radius extends to any internal resource accessible via HTTP, potentially exposing sensitive information or enabling further attacks. Successful exploitation could allow an attacker to map the internal network, identify vulnerable services, and potentially escalate privileges.
This vulnerability was publicly disclosed on 2026-02-06. While no public proof-of-concept (PoC) has been released, the SSRF nature of the vulnerability makes it relatively easy to exploit. The EPSS score is likely to be medium, indicating a moderate probability of exploitation. Monitor for any reports of exploitation attempts and apply the recommended mitigation as soon as possible.
Applications built with Pydantic AI that accept message history from external users are at the highest risk. This includes chatbots, virtual assistants, and other AI-powered applications where user input is processed and used to generate responses. Specifically, deployments relying on untrusted message history sources or lacking robust input validation are particularly vulnerable.
• python / server:
import requests
import re
def check_pydantic_ai_ssrf(url):
# Check for URL patterns indicative of SSRF attempts
if re.search(r'^(?:127\.0\.0\.1|localhost|192\.168\.\d+\.\d+|10\.0\.\d+\.\d+)', url):
print(f"Potential SSRF attempt detected: {url}")
# Example usage (replace with actual message history)
message_history = "...malicious_url_here..."
check_pydantic_ai_ssrf(message_history)• generic web:
curl -I <your_pydantic_ai_endpoint> | grep -i 'Server:'• generic web:
grep -E 'http://127.0.0.1:8000|http://localhost:8000' /var/log/nginx/access.logdisclosure
Exploit-Status
EPSS
0.02% (4% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-25580 is to upgrade Pydantic AI to version 1.56.0 or later, which includes a fix for the SSRF vulnerability. If upgrading is not immediately feasible, consider implementing input validation on message history to sanitize URLs and prevent the inclusion of malicious content. Additionally, restrict network access for the Pydantic AI server to only the necessary resources. Web Application Firewalls (WAFs) configured to block suspicious URL patterns can provide an additional layer of defense. After upgrading, confirm the fix by attempting to inject a known malicious URL into message history and verifying that the server does not make an unauthorized request.
Aktualisieren Sie die pydantic-ai-Bibliothek auf Version 1.56.0 oder höher. Dies behebt die SSRF-Schwachstelle im URL-Download-Handling. Stellen Sie sicher, dass die Anwendung keinen Nachrichtenverlauf aus nicht vertrauenswürdigen Quellen akzeptiert, um das Risiko zu mindern.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-25580 is a Server-Side Request Forgery (SSRF) vulnerability in Pydantic AI versions 0.0.26 through 1.55.9, allowing attackers to access internal resources via malicious URLs.
You are affected if you are using Pydantic AI versions 0.0.26 through 1.55.9 and your application accepts message history from external, untrusted sources.
Upgrade Pydantic AI to version 1.56.0 or later. Implement input validation on message history as a temporary workaround.
While no active exploitation has been confirmed, the SSRF nature of the vulnerability suggests a moderate probability of exploitation.
Refer to the Pydantic AI security advisories on their official website or GitHub repository for the latest information.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.