CVE-2026-25640: Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to befor
Summary
Pydantic AI versions 1.34.0 to before 1.51.0 contain a path traversal vulnerability (a flaw where attackers can access files outside intended directories) in the web UI that lets attackers inject malicious JavaScript code by crafting a specially crafted URL. When victims visit this URL or load it in an iframe (an embedded webpage), the attacker's code runs in their browser and can steal chat history and other data, but only affects applications using the Agent.to_web feature or the CLI web serving option.
Solution / Mitigation
This vulnerability is fixed in version 1.51.0. Update Pydantic AI to 1.51.0 or later.
Vulnerability Details
7.1(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-25640
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 95%