3 matches found
CVE-2026-25904
The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix...
repository-manager (>=1.2.10 <=1.2.15) potentially affected by CVE-2026-25904 via mcp-run-python (=0.0.22)
mcp-run-python PYPI version =0.0.22 is affected by a known vulnerability. The following packages have a transitive dependency on mcp-run-python and may be impacted: - repository-manager =1.2.10, =1.2.15 Source cves: CVE-2026-25904 Source advisory: SNYK:PYTHON-MCPRUNPYTHON-15250607...
GHSA-6FGP-M6Q4-J3Q5 MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access
Impact Server-Side Request Forgery SSRF: A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...