GHSA-4xgf-cpjx-pc3j: pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
Summary
A vulnerability in pydantic-settings' `NestedSecretsSettingsSource` (a feature that reads secret values from files in a directory) allows an attacker to read files outside the configured secrets directory by creating symbolic links (shortcuts that point to other locations on the system) inside it. The same flaw also bypasses `secrets_dir_max_size`, a size limit meant to prevent loading excessively large files, because the limit is not applied to the file the link actually points to. The issue arises when `secrets_nested_subdir=True` is enabled and an attacker can add symbolic links to the secrets directory.
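An added defensive illustration, not pydantic-settings' own code, of the two checks this flaw calls for: resolve every entry before reading it and reject anything that resolves outside the secrets directory, and apply the size limit to the resolved target rather than the link entry. The key format (relative path) and the temporary directory layout are assumptions.

```python
"""Hardening example (constructed, not pydantic-settings' code): read secrets from a
directory while refusing symlinks that escape it and enforcing a size cap on the
resolved target instead of the link entry."""
import os
import tempfile
from pathlib import Path


def load_secrets(secrets_dir, max_size=None):
    """Return ({relative_path: value}, [rejected relative paths]).

    os.walk(followlinks=False) never descends into symlinked directories, each
    file is resolved before it is read, and the size check uses stat() on the
    resolved target so a small link cannot stand in for an oversized file.
    """
    root = Path(secrets_dir).resolve()
    loaded, rejected = {}, []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            entry = Path(dirpath) / name
            rel = entry.relative_to(root).as_posix()  # assumed key format
            try:
                real = entry.resolve(strict=True)
            except OSError:  # dangling link or unreadable path
                rejected.append(rel)
                continue
            if not real.is_relative_to(root):  # link resolves outside secrets_dir
                rejected.append(rel)
                continue
            if max_size is not None and real.stat().st_size > max_size:
                rejected.append(rel)  # size of the target, not of the link
                continue
            loaded[rel] = real.read_text().strip()
    return loaded, rejected


def demo():
    """Constructed layout: one real nested secret, one link to a file outside
    the secrets directory, one oversized file plus a link to it. Returns load_secrets()."""
    base = Path(tempfile.mkdtemp())
    secrets = base / "secrets" / "db"
    secrets.mkdir(parents=True)
    (secrets / "password").write_text("s3cr3t\n")
    outside = base / "outside.txt"  # lives outside secrets_dir
    outside.write_text("leaked\n")
    (secrets / "big.bin").write_bytes(b"x" * 4096)  # exceeds the 1024-byte cap
    (secrets / "leak").symlink_to(outside)
    (secrets / "big").symlink_to(secrets / "big.bin")
    return load_secrets(base / "secrets", max_size=1024)
```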
Original source: https://github.com/advisories/GHSA-4xgf-cpjx-pc3j
First tracked: June 19, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 85%