pydantic-ai is vulnerable to Server-Side Request Forgery (SSRF)
68
Medium Risk
The UI adapters in pydantic-ai/´pydantic-ai-slim´ reconstruct file parts from client-submitted message history and forward them to the model provider. While FileUrl parts are validated against a scheme allowlist, UploadedFile references that point to a provider file ID or cloud-storage URI such as s3:// or gs:// are forwarded without validation. Because the provider resolves these references using the server-side identity rather than the client's, untrusted input can make the server read files belonging to its own account or other tenants. The fix drops UploadedFile items from client-submitted messages unless the new preserve_file_data flag is explicitly enabled.
You are affected if you are using a version that falls within the vulnerable range and your application passes untrusted client-submitted message history to an agent through a UI adapter.
pydantic-ai is vulnerable to Server-Side Request Forgery (SSRF) in versions 1.65.0 - 1.105.0.
Upgrade the pydantic-ai or ´pydantic-ai-slim´ library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant