PatchSiren cyber security CVE debrief

CVE-2026-48782 pydantic CVE debrief

CVE-2026-48782 is a medium-severity vulnerability in Pydantic AI, a Python agent framework for building applications and workflows with generative AI. The issue affects versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2. An attacker can bypass the cloud-metadata blocklist by encoding the metadata IP address in an IPv6 transition form, exposing cloud IAM short-term credentials. This occurs when an application using Pydantic AI enables force_download='allow-local' and runs on a network that routes the affected IPv6 transition forms, such as a NAT64-configured network or one with an ISATAP tunnel. The vulnerability is fixed in version 2.0.0b3.

Vendor
pydantic
Product
pydantic-ai
CVSS
MEDIUM 6.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Security teams and developers using Pydantic AI, especially in cloud-based deployments, should be aware of this vulnerability. They should assess their use of Pydantic AI and update to version 2.0.0b3 or later to mitigate the risk.

Technical summary

The vulnerability arises from an incomplete fix for GHSA-cqp8-fcvh-x7r3 / CVE-2026-46678. That fix decoded only IPv4-mapped IPv6 addresses, 6to4 addresses, and the NAT64 well-known prefix, leaving other transition forms unchecked. An attacker can exploit this by encoding the metadata IP address in another transition form, such as IPv4-compatible IPv6 (::a.b.c.d), the NAT64 RFC 8215 local-use prefix (64:ff9b:1::/48), an operator-chosen NAT64 prefix, or ISATAP. Because the wrapped address is not decoded, the blocklist check passes it, and the network then delivers the request to the underlying IPv4 metadata endpoint when force_download='allow-local' is enabled.
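To show why decoding only a few transition forms is not enough, the following check (an added example, not Pydantic AI's own code) unwraps every form named above before matching against a metadata blocklist. The blocklist range 169.254.0.0/16, the 169.254.169.254 metadata address and the operator prefix 2001:db8:64::/96 used in comments are assumed sample values; the function expects a literal IP address, as obtained after DNS resolution.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed example blocklist: 169.254.0.0/16 is the IPv4 link-local range
# in which the common cloud metadata endpoints (169.254.169.254) live.
METADATA_BLOCKLIST = [ipaddress.ip_network("169.254.0.0/16")]

# NAT64 prefixes that carry an IPv4 address in the low 32 bits: the well-known
# prefix (RFC 6052) and the RFC 8215 local-use prefix. Operator-chosen prefixes
# (e.g. an assumed 2001:db8:64::/96) cannot be inferred and must be passed in.
NAT64_PREFIXES = [
    ipaddress.IPv6Network("64:ff9b::/96"),
    ipaddress.IPv6Network("64:ff9b:1::/48"),
]


def _low32(addr: ipaddress.IPv6Address) -> ipaddress.IPv4Address:
    """IPv4 address stored in the lowest 32 bits of an IPv6 address."""
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def embedded_ipv4(addr: ipaddress.IPv6Address,
                  extra_nat64: Iterable[str] = ()) -> Optional[ipaddress.IPv4Address]:
    """Return the IPv4 address an IPv6 transition address wraps, or None."""
    if addr.ipv4_mapped is not None:            # ::ffff:a.b.c.d (IPv4-mapped)
        return addr.ipv4_mapped
    if addr.sixtofour is not None:              # 2002:WWXX:YYZZ::/48 (6to4)
        return addr.sixtofour
    n = int(addr)
    if n >> 32 == 0 and n > 1:                  # ::a.b.c.d (IPv4-compatible); skip :: and ::1
        return _low32(addr)
    for prefix in [*NAT64_PREFIXES, *map(ipaddress.IPv6Network, extra_nat64)]:
        if addr in prefix:                      # NAT64: IPv4 in the low 32 bits
            return _low32(addr)
    iid_high = (n & 0xFFFFFFFFFFFFFFFF) >> 32   # upper half of the interface identifier
    if iid_high in (0x00005EFE, 0x02005EFE):    # ISATAP ::[02]00:5efe:a.b.c.d (RFC 5214)
        return _low32(addr)
    return None


def is_metadata_target(host: str, extra_nat64: Iterable[str] = ()) -> bool:
    """True if a literal IP (v4, or v6 wrapping a v4) falls in the metadata blocklist."""
    ip = ipaddress.ip_address(host.strip("[]"))
    if isinstance(ip, ipaddress.IPv6Address):
        ip = embedded_ipv4(ip, extra_nat64) or ip
    return any(ip in net for net in METADATA_BLOCKLIST)
```

Without the extra_nat64 entry for a deployment's own NAT64 prefix, addresses under that prefix pass the check, which is exactly the gap an operator-chosen prefix opens.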

Defensive priority

Medium

Recommended defensive actions

  • Update Pydantic AI to version 2.0.0b3 or later
  • Disable force_download='allow-local' if not required
  • Assess and restrict network access to Pydantic AI applications
  • Monitor for suspicious activity related to cloud IAM credentials
  • Review and update security configurations for NAT64-configured networks or ISATAP tunnels
  • Consider implementing additional security measures for cloud-based deployments

Evidence notes

The information provided is based on the official CVE record and NVD details. The vulnerability has been publicly disclosed and a fix is available. However, the effectiveness of the fix and potential attack vectors should be further assessed and tested.

Official resources

CVE-2026-48782 was published on 2026-06-17T13:20:43.210Z and modified on 2026-06-17T16:28:24.220Z.