CVE-2026-25640 | pydantic pydantic-ai up to 1.50.x URL Agent.to_web path traversal (GHSA-wjp5-868j-wqv7 / EUVD-2026-5593)
A vulnerability was found in pydantic pydantic-ai up to 1.50.x and classified as critical. This vulnerability affects the function Agent.to_web of the component URL Handler. The manipulation results in path traversal.
This vulnerability is cataloged as CVE-2026-25640. The attack may be launched remotely. There is no exploit available.
It is suggested to upgrade the affected component.