PT-2026-6789 · Unknown · Pydantic-Ai
Author: Amiteliahu
Published: 2026-02-06 · Updated: 2026-02-06
CVE-2026-25640
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Pydantic AI versions 1.34.0 through 1.50.9
Description: Pydantic AI contains a path traversal issue in its web UI. A crafted URL can be used by an attacker to serve arbitrary JavaScript within the application's context, allowing execution of attacker-controlled code in the victim's browser and potentially leading to theft of chat history and session cookies. The issue arises because the CDN URL is constructed from a non-validated version query parameter taken from the request URL, so path traversal sequences in that parameter are carried into the CDN path. This vulnerability affects applications that use Agent.to_web() or clai web to serve a chat interface, whether running locally or on a remote server.
Recommendations: Upgrade to version 1.51.0 or later, which removes the user-controllable version parameter and prevents the vulnerability.
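The following is an added illustration, not pydantic-ai's code: it contrasts the URL-building pattern the advisory describes with the fix approach (a pinned, non-user-controllable version), and adds a log-triage helper a defender can run over access logs to spot requests whose version parameter is not a plain x.y.z string. The CDN host, path layout, pinned version and log lines are constructed placeholders.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed placeholders (assumptions for this demo, not the real UI's values).
CDN_BASE = "https://cdn.example.invalid/chat-ui"
PINNED_VERSION = "1.51.0"
VERSION_RE = re.compile(r"\d+\.\d+\.\d+")


def asset_url_vulnerable(version: str) -> str:
    """Pattern the advisory describes: the request's own `version` query value is
    interpolated into the CDN URL, so the requester decides which path is loaded."""
    return f"{CDN_BASE}/{version}/app.js"


def asset_url_fixed(requested_version: str = "") -> str:
    """Fix approach from the advisory: the version is no longer user-controllable.
    Any request-supplied value is ignored; the build-time constant always wins."""
    return f"{CDN_BASE}/{PINNED_VERSION}/app.js"


def is_strict_version(value: str) -> bool:
    """Allow-list check for any endpoint that must still accept a version string:
    only digits and dots in x.y.z form, so traversal or extra path segments fail."""
    return VERSION_RE.fullmatch(value) is not None


def flag_suspicious_requests(log_lines):
    """Defender-side triage over Common Log Format lines: return the request paths
    whose `version` query parameter is not a strict x.y.z string."""
    hits = []
    for line in log_lines:
        request = line.split('"')[1]          # e.g. 'GET /?version=1.50.9 HTTP/1.1'
        path = request.split(" ")[1]
        for value in parse_qs(urlparse(path).query).get("version", []):
            if not is_strict_version(value):  # parse_qs already percent-decodes
                hits.append(path)
                break
    return hits


# Constructed sample access-log lines for the triage helper.
SAMPLE_LOG = [
    '10.0.0.5 - - [06/Feb/2026:10:00:01 +0000] "GET /?version=1.50.9 HTTP/1.1" 200 512',
    '10.0.0.5 - - [06/Feb/2026:10:00:02 +0000] "GET /api/chat HTTP/1.1" 200 88',
    '10.0.0.9 - - [06/Feb/2026:10:00:03 +0000] "GET /?version=..%2F..%2Fx HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(asset_url_fixed("..%2F..%2Fx"))
    print(flag_suspicious_requests(SAMPLE_LOG))
```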

Path traversal · XSS

Weakness Enumeration

Related Identifiers

CVE-2026-25640
GHSA-WJP5-868J-WQV7

Affected Products

Pydantic-Ai