Plattform
python
Komponente
pydantic-ai
Behoben in
1.34.1
1.51.0
CVE-2026-25640 describes a Cross-Site Scripting (XSS) vulnerability within the Pydantic AI web UI, specifically when using Agent.to_web or clai web to serve a chat interface. Exploitation allows an attacker to inject arbitrary JavaScript, potentially leading to the theft of sensitive client-side data like chat history. This vulnerability impacts versions of Pydantic AI up to and including 1.50.0, with a fix available in version 1.51.0.
An attacker can exploit this XSS vulnerability by crafting a malicious URL and enticing a user to click it or visit it within an iframe. Upon interaction, the attacker-controlled JavaScript code executes within the victim's browser, operating under the context of the Pydantic AI application. This allows the attacker to steal sensitive data stored on the client-side, such as chat history and potentially other session-related information. The impact is particularly concerning if the application is used to handle sensitive data or if users are not aware of the potential risks associated with clicking untrusted links. The vulnerability is limited to applications utilizing Agent.to_web or clai web to serve a chat interface.
CVE-2026-25640 was publicly disclosed on 2026-02-06. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog as of this writing. Given the nature of XSS vulnerabilities and the availability of various exploitation tools, it is prudent to assume that this vulnerability could be targeted in the future.
Developers and users of Pydantic AI who are utilizing Agent.to_web or clai web to serve chat interfaces, particularly those running these interfaces in environments accessible from outside the local machine (e.g., shared hosting, cloud deployments). Legacy configurations or deployments that haven't been updated to the latest version are also at increased risk.
• python / web:
import requests
import re
url = "http://localhost:8000/chat?message=<script>alert('XSS')</script>"
response = requests.get(url)
if re.search(r'<script>', response.text, re.IGNORECASE):
print("Potential XSS vulnerability detected!")
else:
print("No XSS detected.")disclosure
Exploit-Status
EPSS
0.01% (2% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-25640 is to upgrade to Pydantic AI version 1.51.0 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds such as carefully validating all user-supplied input before rendering it in the web UI. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can also provide an additional layer of protection. Monitor access logs for unusual activity or attempts to access suspicious URLs.
Actualice la biblioteca pydantic-ai a la versión 1.51.0 o superior. Esto corregirá la vulnerabilidad de path traversal y XSS almacenado. Puede actualizar usando pip: `pip install pydantic-ai==1.51.0`.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-25640 is a Cross-Site Scripting (XSS) vulnerability affecting Pydantic AI versions up to 1.50.0, allowing attackers to inject JavaScript into the web UI.
You are affected if you are using Pydantic AI versions 1.50.0 or earlier and utilizing Agent.to_web or clai web to serve a chat interface.
Upgrade to Pydantic AI version 1.51.0 or later to remediate the vulnerability. Consider input validation as a temporary workaround.
Currently, there are no known public exploits or confirmed active exploitation campaigns for CVE-2026-25640, but ongoing monitoring is advised.
Refer to the Pydantic AI project's official release notes and security advisories on their GitHub repository for the latest information.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.