CVE-2026-25640 Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...

Cross-site Scripting (XSS)

Overview pydantic-ai-slim is an Agent Framework / shim to use Pydantic with LLMs, slim package Affected versions of this package are vulnerable to Cross-site Scripting XSS via the version query parameter used in constructing the CDN URL for serving frontend HTML. An attacker can execute arbitrary...