CNNVD-202602-921 Information
CNNVD ID
CNNVD-202602-921
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
pydantic-ai是Pydantic开源的一个用于构建生产级应用程序和工作流的生成式AI框架。 pydantic-ai 1.56.0之前版本存在代码问题漏洞,该漏洞源于URL下载功能存在服务端请求伪造漏洞,当应用程序接受来自不可信源的消息历史记录时,攻击者可包含恶意URL,导致服务器向内部网络资源发出HTTP请求,可能访问内部服务或云凭据。
Description (English)
Pydantic-ai is a production-based AI framework for the construction of production-level applications and workflows. The pre-pydantic-ai 1.56.0 version has a code problem loophole, which stems from the fact that the URL download function has a service-end request for a false loophole, and that when the application accepts a historical record of information from untrustworthy sources, the assailant may include malicious URLs, leading the server to send an HTTP request to an internal network resource, possibly with access to internal services or cloud evidence.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Pydantic
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/pydantic/pydantic-ai/commit/d398bc9d39aecca6530fa7486a410d5cce936301 https://github.com/pydantic/pydantic-ai/security/advisories/GHSA-2jrp-274c-jhv3 https://access.redhat.com/security/cve/cve-2026-25580