SCA: security update for pydantic-ai, pydantic-ai-slim (GHSA-cg7w-rg45-pc59)

medium Tenable Cloud Security Plugin ID 443993

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In
versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by
encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678, did not decode,
exposing cloud IAM short-term credentials. The previous remediation decoded only IPv4-mapped IPv6, 6to4,
and the NAT64 well-known prefix, so the metadata guarantee did not hold for the remaining transition
forms: IPv4-compatible IPv6 (::a.b.c.d), the NAT64 RFC 8215 local-use prefix (64:ff9b:1::/48), operator-
chosen NAT64 prefixes, and ISATAP. The IPv6 wrapper is then delivered to the underlying IPv4 metadata
endpoint. This occurs when an application using Pydantic AI opts a URL into force_download='allow-local'
(which disables the default block on private/internal IPs) and runs on a network that actually routes the
affected IPv6 transition forms: NAT64-configured networks (IPv6-only or dual-stack-with-NAT64 deployments,
including some Kubernetes setups) for the NAT64 variants, or networks with an ISATAP tunnel for ISATAP. A
standard dual-stack cloud VM or container does not route these forms and is not affected in practice. The
IPv4-compatible and Teredo variants are deprecated and addressed as defense-in-depth. This is an
incomplete fix of GHSA-cqp8-fcvh-x7r3 / CVE-2026-46678 (itself a follow-up to CVE-2026-25580). This issue
has been fixed in version 2.0.0b3. (CVE-2026-48782)

Solution

Update the pydantic-ai library and its related packages to version 1.102.0 or later.

See Also

https://github.com/advisories/GHSA-cg7w-rg45-pc59

Plugin Details

Severity: Medium

ID: 443993

Version: Revision 1.2

Type: Local

Family: SCA Checks

Published: 6/26/2026

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3.3

Percentile: 51.21

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2026-48782

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 6/26/2026

Vulnerability Publication Date: 6/16/2026

Reference Information

CVE: CVE-2026-48782

cwe: CWE-918