CVE-2026-25640: Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL
A Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling theft of chat history and other client-side data.
This vulnerability only affects applications that use:
- `Agent.to_web` to serve a chat interface
- `clai web` to serve a chat interface from the CLI
These are typically run locally (on localhost), but may also be deployed on a remote server.
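Added example, not Pydantic AI's own code: the advisory does not show the affected URL builder, so the weak variant below is an assumed illustration of the bug class (a request-controlled path spliced into a CDN script URL), followed by a hardened builder that pins the result to a fixed CDN prefix. `CDN_BASE`, the allow-list pattern and both function names are assumptions.

```python
import re
from urllib.parse import urljoin

# Placeholder CDN origin (constructed, not the project's real CDN).
CDN_BASE = "https://cdn.example.invalid/pydantic-ai-ui/"
# One path segment: must start alphanumeric, so "", "." and ".." are rejected.
SAFE_SEGMENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def weak_asset_url(user_path: str) -> str:
    """Vulnerable pattern (assumed): trusts the request-supplied path verbatim.

    ".." climbs out of the intended directory and a protocol-relative
    "//host/x.js" replaces the CDN host entirely, so the page's <script src>
    ends up loading attacker-chosen JavaScript in the app's origin.
    """
    return urljoin(CDN_BASE, user_path)


def is_allowed_asset_path(user_path: str) -> bool:
    """True only for relative paths made of allow-listed segments ending in .js."""
    parts = user_path.split("/")
    if not all(SAFE_SEGMENT.fullmatch(p) for p in parts):
        return False
    return parts[-1].endswith(".js")


def safe_asset_url(user_path: str) -> str:
    """Hardened builder: allow-list the path, then concatenate (never urljoin)."""
    if not is_allowed_asset_path(user_path):
        raise ValueError(f"rejected asset path: {user_path!r}")
    url = CDN_BASE + user_path
    # Defence in depth: the result must still sit under the pinned prefix.
    assert url.startswith(CDN_BASE)
    return url
```

Serving the UI assets from the application's own origin with a Content-Security-Policy `script-src` that lists only the pinned CDN host limits the impact if the builder is bypassed.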