{"data":{"id":"8dfa2b2b-10ef-47f7-a7bf-d2d09604e047","title":"GHSA-cqp8-fcvh-x7r3: Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)","summary":"Pydantic AI had a security flaw where attackers could bypass protections against accessing cloud-metadata endpoints (special internal servers that store sensitive credentials) by encoding the IP address in IPv6 transition forms (IPv4-mapped IPv6, 6to4, or NAT64, which are ways to represent IPv4 addresses using IPv6 format). This flaw only affects applications that explicitly allow local file downloads with the `force_download='allow-local'` setting on URLs that could be influenced by untrusted users.","solution":"Upgrade to Pydantic AI version 1.99.0 or later, which extends the blocklists to cover IPv6 transition forms that route to blocked IPv4 endpoints and adds protection for additional IANA-reserved IP ranges. For unpatched versions, avoid using `force_download='allow-local'` on URLs influenced by untrusted input, or resolve hostnames manually and validate them against your own blocklist including IPv6-encoded forms before creating the FileUrl.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-cqp8-fcvh-x7r3","publishedAt":"2026-05-21T21:35:18.000Z","cveId":"CVE-2026-46678","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":["pydantic-ai-slim@>= 1.56.0, < 1.99.0 (fixed: 1.99.0)","pydantic-ai@>= 1.56.0, < 1.99.0 (fixed: 1.99.0)"],"affectedVendors":[],"affectedVendorsRaw":["Pydantic","Pydantic AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-21T21:35:18.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}
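The workaround in the solution field (resolve the host yourself and validate every resolved address, including IPv6-encoded forms, before building the FileUrl) is shown below as an added example. It is not Pydantic AI's own code and not the blocklist that ships in 1.99.0: the set of reserved ranges, the function names (`embedded_ipv4`, `blocked_reason`, `check_url`), the constructed DNS table and the resolver callback are all choices made for this illustration. It normalises the three transition forms the advisory names (IPv4-mapped, 6to4, NAT64 well-known prefix) and, going beyond the advisory, the deprecated IPv4-compatible form and Teredo client addresses, then checks both the IPv6 address and the IPv4 it routes to.

```python
"""Added example (not Pydantic AI's code): normalise IPv6 transition addresses to
the IPv4 they route to, then block cloud-metadata and IANA-reserved ranges before
fetching a URL that untrusted input may have influenced."""
import ipaddress
from typing import Callable, List, Optional
from urllib.parse import urlsplit

IPv4 = ipaddress.IPv4Address
IPv6 = ipaddress.IPv6Address

# Blocklist chosen for this example, not the one shipped in pydantic-ai 1.99.0.
# 169.254.0.0/16 covers the 169.254.169.254 metadata endpoint (AWS/GCP/Azure/
# OpenStack); 100.64.0.0/10 covers Alibaba's 100.100.100.200; fc00::/7 covers
# AWS's IPv6 IMDS at fd00:ec2::254. The rest are non-routable or IANA-reserved.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

NAT64_WELL_KNOWN = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052 well-known prefix


def embedded_ipv4(addr: IPv6) -> Optional[IPv4]:
    """Return the IPv4 address an IPv6 transition address routes to, or None."""
    if addr.ipv4_mapped is not None:            # ::ffff:169.254.169.254
        return addr.ipv4_mapped
    if (int(addr) >> 32) == 0:                  # deprecated ::a.b.c.d form (RFC 4291),
        return IPv4(int(addr) & 0xFFFF_FFFF)    # not named in the advisory
    if addr.sixtofour is not None:              # 2002:a9fe:a9fe:: carries 169.254.169.254
        return addr.sixtofour
    if addr in NAT64_WELL_KNOWN:                # 64:ff9b::169.254.169.254
        return IPv4(int(addr) & 0xFFFF_FFFF)    # IPv4 is the low 32 bits
    if addr.teredo is not None:                 # 2001:0::/32; client IP stored inverted,
        return addr.teredo[1]                   # ipaddress un-inverts it for us
    return None


def blocked_reason(ip_str: str) -> Optional[str]:
    """Return why ip_str must not be fetched, or None if it is allowed."""
    addr = ipaddress.ip_address(ip_str)
    candidates = [addr]
    if isinstance(addr, IPv6):
        v4 = embedded_ipv4(addr)
        if v4 is not None:
            candidates.append(v4)               # also check where it really routes
    for cand in candidates:
        for net in BLOCKED_NETWORKS:            # version mismatch simply yields False
            if cand in net:
                return f"{cand} is in blocked range {net}"
    return None


def check_url(url: str, resolve: Callable[[str], List[str]]) -> List[str]:
    """Resolve the URL's host and return the reasons it is blocked (empty = allowed).
    Every resolved address must pass, and the fetch must then go to the checked
    address rather than re-resolving the name, or DNS rebinding defeats the check."""
    host = urlsplit(url).hostname               # strips [] from IPv6 literals
    if host is None:
        return ["URL has no host"]
    addresses = resolve(host)
    if not addresses:
        return [f"{host} did not resolve"]
    return [r for ip in addresses if (r := blocked_reason(ip)) is not None]


# Constructed stand-in for DNS so the example runs offline.
CONSTRUCTED_DNS = {
    "metadata.internal.example": ["::ffff:169.254.169.254"],
    "files.example.com": ["203.0.113.10"],      # documentation range, stands in for a public host
}


def resolve_constructed(host: str) -> List[str]:
    try:
        ipaddress.ip_address(host)              # literal address: no lookup needed
        return [host]
    except ValueError:
        return CONSTRUCTED_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("http://[::ffff:169.254.169.254]/latest/meta-data/",
              "http://[2002:a9fe:a9fe::]/", "http://[64:ff9b::169.254.169.254]/",
              "http://metadata.internal.example/", "http://files.example.com/doc.pdf"):
        print(u, "->", check_url(u, resolve_constructed) or "allowed")
```

In a real deployment `resolve` would wrap `socket.getaddrinfo` and the HTTP client would be pinned to the returned address; the check is only meaningful if the address that was validated is the one connected to.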