PatchSiren cyber security CVE debrief
CVE-2026-25580 pydantic CVE debrief
CVE-2026-25580 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in Pydantic AI, a Python agent framework. An attacker who can place a malicious URL in message history that the application accepts from an untrusted source can cause the server to make HTTP requests to internal network resources, which could expose internal services or cloud credentials. The vulnerability affects applications that accept message history from external users; Pydantic AI's URL download functionality is affected from version 0.0.26 up to but not including 1.56.0, and the fix ships in version 1.56.0. The CVSS score is 8.6 (high severity).
- Vendor: pydantic
- Product: pydantic-ai
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-06
- Original CVE updated: 2026-06-30
- Advisory published: 2026-02-06
- Advisory updated: 2026-06-30
Who should care
Organizations using Pydantic AI, especially those that accept message history from external users, should be aware of this vulnerability. This includes developers and security teams responsible for applications built with Pydantic AI. Given the high CVSS score of 8.6, prioritizing patching or mitigation is crucial to prevent potential exploitation.
Technical summary
The Server-Side Request Forgery (SSRF) vulnerability in Pydantic AI's URL download functionality allows attackers to make unauthorized HTTP requests to internal network resources. This is possible when applications accept message history from untrusted sources and can lead to unauthorized access to internal services or cloud credentials. The vulnerability exists from version 0.0.26 up to but not including 1.56.0 of Pydantic AI. The Common Vulnerability Scoring System (CVSS) score is 8.6, indicating high severity. The vulnerability is categorized under CWE-918.
Defensive priority
High priority should be given to updating Pydantic AI to version 1.56.0 or later. Applications that accept message history from external users are at higher risk and should be patched or mitigated immediately.
Recommended defensive actions
- Update Pydantic AI to version 1.56.0 or later.
- Review and restrict message history acceptance to trusted sources only.
- Implement additional security measures to detect and prevent SSRF attacks.
- Monitor for suspicious HTTP requests to internal network resources.
- Conduct thorough inventory checks for affected applications and services.
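The technical summary and the "review and restrict" and "detect and prevent SSRF" actions above describe the mitigation in outline; as an added example (not Pydantic AI's own code, which this debrief does not show), here is a deny-by-default URL screen an application could run over untrusted message history before any server-side download. The message format (a list of plain strings) and all function names are assumptions.

```python
"""Screen URLs in untrusted message history before any server-side download."""
import ipaddress
import re
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _default_resolver(host):
    """Return every address a hostname resolves to; an attacker may publish several."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal_address(text):
    """True for loopback, RFC 1918, link-local (169.254.169.254 is the cloud
    metadata service behind the 'cloud credentials' impact in the debrief),
    multicast, reserved, unspecified, and IPv4-mapped IPv6 forms of the same."""
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def url_is_safe_to_fetch(url, resolver=_default_resolver):
    """Deny by default: only http(s) to a host whose every address is public passes."""
    parts = urlparse(url)
    host = parts.hostname
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not host:
        return False
    try:
        ipaddress.ip_address(host)
        addresses = [host]              # IP literal, nothing to resolve
    except ValueError:
        try:
            addresses = resolver(host)  # hostname: every A/AAAA record is checked
        except OSError:                 # socket.gaierror is a subclass of OSError
            return False
    return bool(addresses) and not any(is_internal_address(a) for a in addresses)


def blocked_urls_in_history(messages, resolver=_default_resolver):
    """URLs found in untrusted message text that the application must not download.
    `messages` is assumed to be a list of plain strings (a constructed format)."""
    return [url for text in messages for url in URL_RE.findall(text)
            if not url_is_safe_to_fetch(url, resolver)]
```

Because the check resolves the name separately from the fetch, the HTTP client should connect to the vetted address (or pin it) so a DNS rebinding answer cannot swap the target between check and download.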
Evidence notes
The CVE-2026-25580 vulnerability is documented in the official CVE record and the National Vulnerability Database (NVD). The vulnerability affects Pydantic AI versions from 0.0.26 to before 1.56.0. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, indicating a high severity score of 8.6. The weakness is categorized as CWE-918, Server-Side Request Forgery (SSRF).
Official resources
- CVE-2026-25580 CVE record (CVE.org)
- CVE-2026-25580 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: Patch
- Mitigation or vendor reference: Exploit, Mitigation, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.