Platform
python
Component
pydantic-ai
Fixed in
1.34.1
1.51.0
CVE-2026-25640 describes a Cross-Site Scripting (XSS) vulnerability within the Pydantic AI web UI, specifically when using Agent.to_web or clai web to serve a chat interface. Exploitation allows an attacker to inject arbitrary JavaScript, potentially leading to the theft of sensitive client-side data like chat history. This vulnerability impacts versions of Pydantic AI up to and including 1.50.0, with a fix available in version 1.51.0.
The primary impact of CVE-2026-25640 is the ability for an attacker to execute arbitrary JavaScript within the context of the Pydantic AI web UI. This can be achieved by crafting a malicious URL that, when visited by a victim, triggers the execution of the attacker's code in their browser. The vulnerability specifically targets applications utilizing Agent.to_web or clai web to serve a chat interface. While these interfaces are often deployed locally (on localhost), exposure through shared hosting environments or misconfigured network settings could significantly expand the attack surface. Successful exploitation could lead to the theft of chat history, session tokens, and other sensitive client-side data, potentially compromising user accounts and sensitive information.
CVE-2026-25640 was publicly disclosed on 2026-02-06. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog at the time of writing. Given the relatively recent disclosure and the lack of public exploits, the probability of active exploitation is currently considered low, but ongoing monitoring is recommended.
Exploit Status
EPSS
0.01% (2% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-25640 is to upgrade to Pydantic AI version 1.51.0 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider implementing input validation and sanitization on the URL parameters used by Agent.to_web and clai web. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Carefully review and restrict access to the Pydantic AI web UI, limiting exposure to trusted networks and users. After upgrading, confirm the fix by attempting to access the web UI with a crafted URL containing potentially malicious JavaScript payloads; the application should properly sanitize the input and prevent code execution.
Actualice la biblioteca pydantic-ai a la versión 1.51.0 o superior. Esto corregirá la vulnerabilidad de path traversal y XSS almacenado. Puede actualizar usando pip: `pip install pydantic-ai==1.51.0`.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-25640 is a Cross-Site Scripting (XSS) vulnerability affecting Pydantic AI versions up to 1.50.0, allowing attackers to inject JavaScript into the web UI.
You are affected if you are using Pydantic AI versions 1.50.0 or earlier and utilizing Agent.to_web or clai web to serve a chat interface.
Upgrade to Pydantic AI version 1.51.0 or later to remediate the vulnerability. Consider input validation as a temporary workaround.
Currently, there are no known public exploits or confirmed active exploitation campaigns for CVE-2026-25640, but ongoing monitoring is advised.
Refer to the Pydantic AI project's official release notes and security advisories on their GitHub repository for the latest information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.