pydantic-ai-backend is vulnerable to Protection Mechanism Failure
72
High Risk
A flaw in glob-to-regex translation caused negated character classes like [!a] to be interpreted incorrectly during permission matching, silently reversing the intended allow/deny logic of affected rules. Instead of meaning any character except a, the pattern was treated as matching ! or a, which could make restrictive rules ineffective and permissive rules behave unpredictably. An attacker might exploit this by crafting file paths, resource names, or permission-matched inputs that intentionally satisfy the inverted pattern, allowing access to operations or resources that should have been blocked.
You are affected if you are using a version that falls within the vulnerable range and if you rely on glob patterns with negated character classes like [!a] in permission rules.
pydantic-ai-backend is vulnerable to Protection Mechanism Failure in versions 0.1.0 - 0.2.9.
Upgrade the pydantic-ai-backend library to the patched version.
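The inversion described above can be reproduced with a small translator. This is an added example, not code from pydantic-ai-backend: glob_to_regex, matches, rules_with_negated_class and the sample rule are hypothetical names and constructed data, and the translator is simplified (it treats * and ? as not crossing "/"). The audit helper lists the permission patterns whose meaning changes under the flaw, which are the ones to re-check after upgrading.

```python
import fnmatch
import re

def glob_to_regex(pattern: str, handle_negation: bool = True) -> str:
    """Translate a glob to a regex. handle_negation=False reproduces the flaw
    described above: the class body is copied verbatim, so '!' stays literal."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        end = pattern.find("]", i + 2) if c == "[" else -1
        if c == "*":
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif end != -1:
            body = pattern[i + 1:end]
            if handle_negation and body.startswith("!"):
                body = "^" + body[1:]      # glob negation -> regex negation
            out.append("[" + body + "]")
            i = end                        # skip past the closing bracket
        else:
            out.append(re.escape(c))
        i += 1
    return "".join(out)

def matches(pattern: str, path: str, handle_negation: bool = True) -> bool:
    """Full-string match of path against the translated pattern."""
    return re.fullmatch(glob_to_regex(pattern, handle_negation), path) is not None

def rules_with_negated_class(patterns):
    """Audit helper: patterns containing a negated class such as [!a]."""
    return [p for p in patterns if re.search(r"\[![^\]]*\]", p)]

# Constructed sample rule and paths (assumptions, not taken from the project).
RULE = "data/[!s]*.txt"

if __name__ == "__main__":
    for path in ("data/notes.txt", "data/secret.txt"):
        print(path,
              "flawed:", matches(RULE, path, handle_negation=False),
              "fixed:", matches(RULE, path, handle_negation=True),
              "fnmatch:", fnmatch.fnmatchcase(path, RULE))
```

The standard library's fnmatch is printed alongside as a reference for the intended glob semantics.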