Plateforme
python
Composant
pydantic-ai
Corrigé dans
0.0.27
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Pydantic AI, a Python agent framework. This flaw, present in versions 0.0.26 through 1.55.9, allows attackers to manipulate the application into making HTTP requests to internal network resources. The vulnerability is triggered when applications accept message history from untrusted sources, enabling attackers to inject malicious URLs and potentially compromise internal services or access sensitive data.
The SSRF vulnerability in Pydantic AI poses a significant risk to applications that handle user-provided message history. An attacker could craft a malicious URL within this history, causing the Pydantic AI server to send HTTP requests to internal systems. This could lead to unauthorized access to internal APIs, databases, or cloud credentials. The blast radius extends to any internal resource accessible via HTTP, potentially exposing sensitive information or enabling further attacks. Successful exploitation could allow an attacker to map the internal network, identify vulnerable services, and potentially escalate privileges.
This vulnerability was publicly disclosed on 2026-02-06. While no public proof-of-concept (PoC) has been released, the SSRF nature of the vulnerability makes it relatively easy to exploit. The EPSS score is likely to be medium, indicating a moderate probability of exploitation. Monitor for any reports of exploitation attempts and apply the recommended mitigation as soon as possible.
Applications built with Pydantic AI that accept message history from external users are at the highest risk. This includes chatbots, virtual assistants, and other AI-powered applications where user input is processed and used to generate responses. Specifically, deployments relying on untrusted message history sources or lacking robust input validation are particularly vulnerable.
• python / server:
import requests
import re
def check_pydantic_ai_ssrf(url):
# Check for URL patterns indicative of SSRF attempts
if re.search(r'^(?:127\.0\.0\.1|localhost|192\.168\.\d+\.\d+|10\.0\.\d+\.\d+)', url):
print(f"Potential SSRF attempt detected: {url}")
# Example usage (replace with actual message history)
message_history = "...malicious_url_here..."
check_pydantic_ai_ssrf(message_history)• generic web:
curl -I <your_pydantic_ai_endpoint> | grep -i 'Server:'• generic web:
grep -E 'http://127.0.0.1:8000|http://localhost:8000' /var/log/nginx/access.logdisclosure
Statut de l'Exploit
EPSS
0.02% (percentile 4%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2026-25580 is to upgrade Pydantic AI to version 1.56.0 or later, which includes a fix for the SSRF vulnerability. If upgrading is not immediately feasible, consider implementing input validation on message history to sanitize URLs and prevent the inclusion of malicious content. Additionally, restrict network access for the Pydantic AI server to only the necessary resources. Web Application Firewalls (WAFs) configured to block suspicious URL patterns can provide an additional layer of defense. After upgrading, confirm the fix by attempting to inject a known malicious URL into message history and verifying that the server does not make an unauthorized request.
Mettez à jour la bibliothèque pydantic-ai à la version 1.56.0 ou supérieure. Cela corrige la vulnérabilité SSRF dans le traitement des téléchargements d'URL. Assurez-vous que l'application n'accepte pas l'historique des messages provenant de sources non fiables pour atténuer le risque.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-25580 is a Server-Side Request Forgery (SSRF) vulnerability in Pydantic AI versions 0.0.26 through 1.55.9, allowing attackers to access internal resources via malicious URLs.
You are affected if you are using Pydantic AI versions 0.0.26 through 1.55.9 and your application accepts message history from external, untrusted sources.
Upgrade Pydantic AI to version 1.56.0 or later. Implement input validation on message history as a temporary workaround.
While no active exploitation has been confirmed, the SSRF nature of the vulnerability suggests a moderate probability of exploitation.
Refer to the Pydantic AI security advisories on their official website or GitHub repository for the latest information.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier requirements.txt et nous te dirons instantanément si tu es affecté.