PatchSiren cyber security CVE debrief

CVE-2026-25580 pydantic CVE debrief

CVE-2026-25580 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in Pydantic AI, a Python agent framework. An attacker who can place a malicious URL in message history that an application accepts from an untrusted source can make that application issue HTTP requests to internal network resources, which can expose internal services or cloud credentials. The vulnerability affects applications that accept message history from external users; Pydantic AI's URL download functionality is affected from version 0.0.26 up to, but not including, 1.56.0, where the issue is fixed. The CVSS score is 8.6, indicating high severity.

Vendor: pydantic
Product: pydantic-ai
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-06
Original CVE updated: 2026-06-30
Advisory published: 2026-02-06
Advisory updated: 2026-06-30

Who should care

Organizations using Pydantic AI should take note, especially where their applications accept message history from external users. This includes developers and security teams responsible for applications built with Pydantic AI. Given the CVSS score of 8.6, patching or mitigation should be prioritized to prevent exploitation.

Technical summary

The Server-Side Request Forgery (SSRF) vulnerability in Pydantic AI's URL download functionality lets an attacker cause the application to make unauthorized HTTP requests to internal network resources. It is reachable when an application accepts message history from untrusted sources, and it can lead to unauthorized access to internal services or cloud credentials. Affected versions run from 0.0.26 up to, but not including, 1.56.0. The Common Vulnerability Scoring System (CVSS) score is 8.6, indicating high severity, and the weakness is categorized as CWE-918.

Defensive priority

Updating Pydantic AI to version 1.56.0 or later is a high priority. Applications that accept message history from external users are at higher risk and should be patched or mitigated immediately.

Recommended defensive actions

  • Update Pydantic AI to version 1.56.0 or later.
  • Review and restrict message history acceptance to trusted sources only.
  • Implement additional security measures to detect and prevent SSRF attacks.
  • Monitor for suspicious HTTP requests to internal network resources.
  • Conduct thorough inventory checks for affected applications and services.
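As an added illustration of the second and third actions above (this is example code written for this debrief, not code from Pydantic AI or from the CVE record), the following pre-filter screens URLs in externally supplied message history before the agent can act on them: it rejects non-HTTP schemes, embedded credentials, and any host that resolves to a private, loopback, link-local, or other non-public address, which is how requests to internal services and the cloud metadata endpoint are typically reached. The plain-string message format, the injectable resolver, and all hostnames are assumptions.

```python
import ipaddress
import re
import socket
from typing import Iterable
from urllib.parse import urlsplit

def dns_resolve(host: str) -> list:
    """Default resolver (real DNS); inject a constructed table to run offline."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

# Match any scheme so file:// or gopher:// URLs are rejected rather than skipped.
URL_RE = re.compile(r"[a-z][a-z0-9+.-]*://[^\s'\"<>]+", re.IGNORECASE)

def check_url(url: str, resolver=dns_resolve) -> tuple:
    """Return (allowed, reason) for one URL found in untrusted message history."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme}"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:  # a literal IP needs no lookup; a name must have every address checked
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"unresolvable host {host}: {exc}"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if ip.version == 6 and ip.ipv4_mapped is not None:  # ::ffff:a.b.c.d -> IPv4 rules
            ip = ip.ipv4_mapped
        # is_global is False for RFC 1918, loopback, link-local (incl. 169.254.169.254), CGNAT, ULA
        if not ip.is_global or ip.is_multicast:
            return False, f"{host} resolves to non-public address {addr}"
    return (True, "ok") if addrs else (False, f"{host} resolved to no addresses")

def screen_history(messages: Iterable[str], resolver=dns_resolve) -> tuple:
    """Split untrusted messages into accepted texts and rejected (url, reason) pairs."""
    accepted, rejected = [], []
    for text in messages:  # a message with any failing URL is dropped whole
        bad = [(u, why) for u in (m.rstrip(".,;)") for m in URL_RE.findall(text))
               for ok, why in [check_url(u, resolver)] if not ok]
        rejected.extend(bad) if bad else accepted.append(text)
    return accepted, rejected
```

A resolve-then-check filter leaves a DNS rebinding window unless the HTTP client pins the address that was checked, so treat this as one layer beside the upgrade to 1.56.0 rather than a replacement for it.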

Evidence notes

The CVE-2026-25580 vulnerability is documented in the official CVE record and the National Vulnerability Database (NVD). The vulnerability affects Pydantic AI versions from 0.0.26 to before 1.56.0. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, indicating a high severity score of 8.6. The weakness is categorized as CWE-918, Server-Side Request Forgery (SSRF).

Official resources

This article is AI-assisted and based on the supplied source corpus.