CNNVD-202602-1352 Information

CNNVD ID

CNNVD-202602-1352

CVE-2026-25905

  • CNNVD Published: 2026-02-09

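Description (Chinese, translated)

Pydantic is an open-source library from Pydantic that performs data validation using Python type hints. Pydantic has a security vulnerability that stems from Python code not being isolated from JS code, which may lead to the MCP server being hijacked.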

Description (English)

Pydantic is an open-source library from Pydantic that performs data validation using Python type hints. Pydantic has a security vulnerability that stems from the Python code not being isolated from the JS code, which could lead to the hijacking of the MCP server.

Vulnerability Type

Other

Affected Vendor

Pydantic

Published

2026-02-09

Last Modified

2026-02-24

References

  • https://research.jfrog.com/vulnerabilities/mcp-run-python-lack-of-isolation-mcp-takeover-jfsa-2026-001653030/
  • https://access.redhat.com/security/cve/cve-2026-25905
