{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T08:56:38.568","vulnerabilities":[{"cve":{"id":"CVE-2026-25580","sourceIdentifier":"security-advisories@github.com","published":"2026-02-06T21:16:17.167","lastModified":"2026-02-20T21:01:59.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from untrusted sources, attackers can include malicious URLs that cause the server to make HTTP requests to internal network resources, potentially accessing internal services or cloud credentials. This vulnerability only affects applications that accept message history from external users. This vulnerability is fixed in 1.56.0."},{"lang":"es","value":"Pydantic AI es un framework de agente Python para construir aplicaciones y flujos de trabajo con IA Generativa. Desde la 0.0.26 hasta antes de la 1.56.0, existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en la funcionalidad de descarga de URL de Pydantic AI. Cuando las aplicaciones aceptan el historial de mensajes de fuentes no confiables, los atacantes pueden incluir URL maliciosas que hacen que el servidor realice solicitudes HTTP a recursos de red internos, accediendo potencialmente a servicios internos o credenciales en la nube. Esta vulnerabilidad solo afecta a aplicaciones que aceptan el historial de mensajes de usuarios externos. Esta vulnerabilidad está corregida en la 1.56.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pydantic:pydantic_ai:*:*:*:*:*:python:*:*","versionStartIncluding":"0.0.26","versionEndExcluding":"1.56.0","matchCriteriaId":"AED125A7-1F54-4ACF-A702-6D4C09ABDE13"}]}]}],"references":[{"url":"https://github.com/pydantic/pydantic-ai/commit/d398bc9d39aecca6530fa7486a410d5cce936301","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/pydantic/pydantic-ai/security/advisories/GHSA-2jrp-274c-jhv3","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}