PyPI: pydantic-ai
CVE-2026-46678
Safety vulnerability ID: SFTY-20260521-78027
Safety legacy ID: pyup.io-98860
Affected versions of the pydantic-ai package are vulnerable to Server-Side Request Forgery because the cloud-metadata and private-IP blocklists fail to handle IPv6 transition representations of blocked IPv4 endpoints. When an application opts a FileUrl, ImageUrl, AudioUrl, VideoUrl, or DocumentUrl into force_download='allow-local', the existing blocklist does not recognise IPv4-mapped IPv6 addresses, 6to4 addresses, or addresses under the NAT64 well-known prefix, all of which reach the blocked cloud-metadata IPs on dual-stack or translated networks. An attacker who can influence such a URL with untrusted input can bypass the cloud-metadata block introduced for the parent advisory (CVE-2026-25580) and retrieve short-term IAM credentials from the cloud-metadata endpoint.
Overview
Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580)
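The bypass described above, and the normalisation that closes it, as an added example that is not pydantic-ai's code: the blocklist ranges and both check functions are constructed for illustration. `naive_is_blocked` compares only literal IPv4 hosts with the list, while `hardened_is_blocked` first unwraps the three transition encodings the advisory names and then applies the same list to the embedded IPv4 address.

```python
import ipaddress
from typing import Optional

# Constructed blocklist standing in for the advisory's cloud-metadata and
# private-IP lists (not pydantic-ai's list): link-local, which contains the
# usual cloud-metadata endpoint, the RFC 1918 ranges and loopback.
BLOCKED_V4 = [
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]
NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052 well-known prefix


def embedded_ipv4(addr: ipaddress.IPv6Address) -> Optional[ipaddress.IPv4Address]:
    """Return the IPv4 address carried in an IPv6 transition address, else None.

    Covers the three encodings the advisory names: IPv4-mapped (::ffff:a.b.c.d),
    6to4 (2002:aabb:ccdd::/48) and NAT64 under the well-known prefix.
    """
    if addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    if addr.sixtofour is not None:
        return addr.sixtofour
    if addr in NAT64_WKP:
        # The embedded IPv4 address occupies the low 32 bits below the /96.
        return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return None


def naive_is_blocked(host: str) -> bool:
    """The weak check: only literal IPv4 hosts are compared with the list."""
    addr = ipaddress.ip_address(host.strip("[]"))
    return addr.version == 4 and any(addr in net for net in BLOCKED_V4)


def hardened_is_blocked(host: str) -> bool:
    """Unwrap transition encodings first, then apply the same IPv4 list."""
    addr = ipaddress.ip_address(host.strip("[]"))
    if addr.version == 6:
        inner = embedded_ipv4(addr)
        if inner is None:
            # Genuine IPv6: use the stdlib's scoped-range classification.
            return addr.is_private or addr.is_link_local or addr.is_loopback
        addr = inner
    return any(addr in net for net in BLOCKED_V4)
```

The check should run on the resolved address as well as the URL's literal host, otherwise a hostname that resolves to one of these forms slips past it.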
References
- https://getsafety.com/vulnerabilities/SFTY-20260521-78027/CVE-2026-46678
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46678
- https://github.com/pydantic/pydantic-ai/security/advisories/GHSA-2jrp-274c-jhv3
- https://github.com/pydantic/pydantic-ai/security/advisories/GHSA-cqp8-fcvh-x7r3
- https://github.com/advisories/GHSA-cqp8-fcvh-x7r3
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
