Plataforma
python
Componente
pydantic-ai
Corregido en
0.0.27
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Pydantic AI, a Python agent framework. This flaw, present in versions 0.0.26 through 1.55.9, allows attackers to manipulate the application into making HTTP requests to internal network resources. The vulnerability is triggered when applications accept message history from untrusted sources, enabling attackers to inject malicious URLs and potentially compromise internal services or access sensitive data.
The SSRF vulnerability in Pydantic AI poses a significant risk to applications that handle user-provided message history. An attacker could craft a malicious URL within this history, causing the Pydantic AI server to send HTTP requests to internal systems. This could lead to unauthorized access to internal APIs, databases, or cloud credentials. The blast radius extends to any internal resource accessible via HTTP, potentially exposing sensitive information or enabling further attacks. Successful exploitation could allow an attacker to map the internal network, identify vulnerable services, and potentially escalate privileges.
This vulnerability was publicly disclosed on 2026-02-06. While no public proof-of-concept (PoC) has been released, the SSRF nature of the vulnerability makes it relatively easy to exploit. The EPSS score is likely to be medium, indicating a moderate probability of exploitation. Monitor for any reports of exploitation attempts and apply the recommended mitigation as soon as possible.
Applications built with Pydantic AI that accept message history from external users are at the highest risk. This includes chatbots, virtual assistants, and other AI-powered applications where user input is processed and used to generate responses. Specifically, deployments relying on untrusted message history sources or lacking robust input validation are particularly vulnerable.
• python / server:
import requests
import re
def check_pydantic_ai_ssrf(url):
# Check for URL patterns indicative of SSRF attempts
if re.search(r'^(?:127\.0\.0\.1|localhost|192\.168\.\d+\.\d+|10\.0\.\d+\.\d+)', url):
print(f"Potential SSRF attempt detected: {url}")
# Example usage (replace with actual message history)
message_history = "...malicious_url_here..."
check_pydantic_ai_ssrf(message_history)• generic web:
curl -I <your_pydantic_ai_endpoint> | grep -i 'Server:'• generic web:
grep -E 'http://127.0.0.1:8000|http://localhost:8000' /var/log/nginx/access.logdisclosure
Estado del Exploit
EPSS
0.02% (4% percentil)
CISA SSVC
Vector CVSS
The primary mitigation for CVE-2026-25580 is to upgrade Pydantic AI to version 1.56.0 or later, which includes a fix for the SSRF vulnerability. If upgrading is not immediately feasible, consider implementing input validation on message history to sanitize URLs and prevent the inclusion of malicious content. Additionally, restrict network access for the Pydantic AI server to only the necessary resources. Web Application Firewalls (WAFs) configured to block suspicious URL patterns can provide an additional layer of defense. After upgrading, confirm the fix by attempting to inject a known malicious URL into message history and verifying that the server does not make an unauthorized request.
Actualice la biblioteca pydantic-ai a la versión 1.56.0 o superior. Esto corrige la vulnerabilidad SSRF en el manejo de descargas de URL. Asegúrese de que la aplicación no acepte historial de mensajes de fuentes no confiables para mitigar el riesgo.
Análisis de vulnerabilidades y alertas críticas directamente en tu correo.
CVE-2026-25580 is a Server-Side Request Forgery (SSRF) vulnerability in Pydantic AI versions 0.0.26 through 1.55.9, allowing attackers to access internal resources via malicious URLs.
You are affected if you are using Pydantic AI versions 0.0.26 through 1.55.9 and your application accepts message history from external, untrusted sources.
Upgrade Pydantic AI to version 1.56.0 or later. Implement input validation on message history as a temporary workaround.
While no active exploitation has been confirmed, the SSRF nature of the vulnerability suggests a moderate probability of exploitation.
Refer to the Pydantic AI security advisories on their official website or GitHub repository for the latest information.
Sube tu archivo de dependencias y detecta esta y otras CVEs al instante.
Sube tu archivo requirements.txt y te decimos al instante si estás afectado.